Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    port mirroring pfsense stream to virtual ids analysis machine

    Scheduled Pinned Locked Moved Virtualization
    port mirroring
    2 Posts 1 Posters 1.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BxuEyE4
      last edited by

      i want to be able to send pfsense(sg-2440) stream to an ids analysis machine that is a vmware guest. the esxi host has 6 nic ports connected to same switch pfsense is connected to.

      i can port mirror the port pfsense is connected to on the switch but from there i'm stuck on how to get that stream to the ids.

      do i need to enable promiscuous mode on the relevant interfaces on the ESXi host or what?

      B 1 Reply Last reply Reply Quote 0
      • B
        BxuEyE4 @BxuEyE4
        last edited by

        i found the link below and a few others on the net but this one explains what i'm trying to do, at least from a vm perspective:

        dailysysadmin.com/KB/Article/965/port-mirroring-cisco-switch-virtual-machine-vmware-esxi-host/

        made those configurations & mirrored the pfsense LAN switch port to security onion. checking now if i have the VLAN option correct but for now seeing a lot of traffic on the securityonion " ens192 " interface, the one without an ip that, i think, captures on all interfaces. getting there.

        i want to get the actual traffic to securityonion for analysis, say versus streaming pfsense syslog to securityonion.

        so port mirroring the pfsense LAN port is the way to do so, yes?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.