Netgate Discussion Forum
    pfSense Suricata - High Availability?

    Category: IDS/IPS
    2 Posts, 2 Posters, 985 Views
    ColdBrew

      Is there any documentation/support for high availability with Suricata on pfSense? We have two pfSense instances syncing via pfsync, and I would just like to make sure an installation of Suricata is compatible.

      Thank you!

      bmeeks (last edited by bmeeks)

        The Suricata package has a SYNC tab where you can configure the package to send its settings to one or more identical pfSense hosts. The two boxes must be identical in terms of hardware up to and including NIC types and port assignments (i.e., which one is LAN, WAN, etc.). All the SYNC does is copy settings such as configured interfaces and rules.

        There is no sort of state sync or any other type of realtime data exchange between the synced packages. So it is not exactly HA in the true sense, but it does give you a twin version of the package should the active firewall go down and the standby take over. However, in terms of Suricata, there would be a traffic disruption of sorts, since the standby version coming online will have no idea what TCP streams the other host was seeing/handling. And there is no synchronization of blocked hosts.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.