How do I set up pfSense as a transparent firewall with IPS?
-
I've already bridged the connections but I'm not sure what to select when changing Snort settings.
Thanks
-
@jshoe Snort should be enabled on the interface you wish to run intrusion detection on.
-
@JonathanLee So all I need to do is change the interface to the bridge and that's it? Sounds too easy!
-
If you want it to block as well as detect, it should run on whichever interface has filtering enabled. By default that means the bridge member interfaces, not the bridge itself.
https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html
-
@jshoe tiny fishing said in How do I set up pfSense as a transparent firewall with IPS?:
I've already bridged the connections but I'm not sure what to select when changing Snort settings.
Thanks
Since you've already bridged the connections, let's ensure this part is correctly set up.
Create a Bridge Interface:
Navigate to Interfaces > Assignments > Bridges.
Add a new bridge and select the interfaces you want to bridge (e.g., LAN and WAN).
Save and apply the changes.
Assign the Bridge Interface:
Go to Interfaces > Assignments and add the bridge interface you created.
Assign it a name, such as BRIDGE0.
Configure Interface IP:
Assign an IP address to the bridge interface (BRIDGE0) if needed for management purposes. If it's truly transparent, you might not need an IP on this interface.
-
@stephenw10 would this be the WAN port?
-
@boulesmoonraker I should have put that I know how to bridge them, not that I have yet. I will follow your steps.
-
@jshoe It could be either if filtering is on the member interfaces.
I would probably move filtering to the bridge interface and apply it there for logical simplicity.