Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Stuck with my New Networking Lab

    Scheduled Pinned Locked Moved L2/Switching/VLANs
    spansecurityonionpfsenselab
    1 Posts 1 Posters 436 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      irdrgz
      last edited by irdrgz

      Hi everyone!

      I have a lab set up on an ESXi server, provided by my university, where I am testing with pfSense and Security Onion. The idea is to simulate the network of a very small company. Here is an image of the topology:
      topologia.png
      As you can see, the router is connected to the physical interface of the server, where the whole network connects to the internet. NAT is also configured in it.
      The firewall also acts as a gateway for the three subnets, a DMZ, a LAN and an exclusive network for the Security Onion server. In addition, it has configured the corresponding traffic rules for the DMZ, LAN, WAN and SecurityOnion subnets.

      My problem comes now:
      You see I want to configure a SPAN port on the firewall. The sniffing interface of the Security Onion server (which has no IP address) will be connected to it and I would like the firewall to forward to this server all the traffic that flows through it, whether it comes from the WAN, LAN or DMZ, so that I can analyse it and create alerts about it from the Security Onion console. How should I create this port? For now I have created a bridge interface where the Member Interfaces are the ones corresponding to the WAN, LAN and DMZ and in the Span Port I have selected the interface where I would connect the Security Onion Sniffing.

      What can you correct? What can I improve? If you need any more details to have more context don't hesitate to ask.

      Thank you very much for your help and best regards to all of you.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.