Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Do I really need Snort??

    pfSense Packages
    2
    4
    2437
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      greenpoise last edited by

      How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why??  But to the main question, is Snort that important? so is PFblocker???

      thanks

      1 Reply Last reply Reply Quote 0
      • bmeeks
        bmeeks last edited by

        @greenpoise:

        How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why??  But to the main question, is Snort that important? so is PFblocker???

        thanks

        You don't "need" Snort on the box, but many folks find it quite useful to have an integrated IPS (Intrusion Prevention System) as part of pfSense.  I have never seen Snort crash a pfSense box to the point of unusability.  I have seen the Snort process crash and die, but that has never taken down my pfSense firewall itself.

        Can you define "crashing" a bit better?  Does pfSense crash to the point only a reboot restores it, or does it stop doing something such as blocking or logging?  If you are getting crashes to the point you need to reboot or cycle power, then I am very inclined to believe that would be a hardware issue such as failing hardware or a marginally-supported hardware driver (say the NIC, for example).

        Bill

        1 Reply Last reply Reply Quote 0
        • G
          greenpoise last edited by

          @bmeeks:

          @greenpoise:

          How important is Snort in Pfsense? Does PFsense comes as a firewall out of the box? My pfsense box keeps crashing and I keep removing packages. I am down to Snort and OpenVPN. Our most important features are OpenVPN and the proxy server. Right now I cant achieve consistency/stability on this thing and I cant quite understand why??  But to the main question, is Snort that important? so is PFblocker???

          thanks

          You don't "need" Snort on the box, but many folks find it quite useful to have an integrated IPS (Intrusion Prevention System) as part of pfSense.  I have never seen Snort crash a pfSense box to the point of unusability.  I have seen the Snort process crash and die, but that has never taken down my pfSense firewall itself.

          Can you define "crashing" a bit better?  Does pfSense crash to the point only a reboot restores it, or does it stop doing something such as blocking or logging?  If you are getting crashes to the point you need to reboot or cycle power, then I am very inclined to believe that would be a hardware issue such as failing hardware or a marginally-supported hardware driver (say the NIC, for example).

          Bill

          Hi Bill,

          Thanks for your response.  After 48 days of struggles, I just went back to my simple router. I wanted to love Pfsense but it just didnt work. It was too unstable. Granted I had the 2.1 version because it is what worked for my hardware (which actually was not fancy at all). For some reason the 2.0 version didnt accept my Drives. But I will give you a brief on how I left it. I would not get any error messages. Internet Traffic would just stop moving. I removed packages and rebooted. I went to bare basics. But nothing. I could stop snort and it would come back up. Sooo. thats how i left things. I found Pfsense to be faster than Untangle..free as opposed to Untangle..but in a production environment, I couldnt achieve reliability, something well needed…Thanks again!!!

          1 Reply Last reply Reply Quote 0
          • bmeeks
            bmeeks last edited by

            @greenpoise:

            Hi Bill,

            Thanks for your response.  After 48 days of struggles, I just went back to my simple router. I wanted to love Pfsense but it just didnt work. It was too unstable. Granted I had the 2.1 version because it is what worked for my hardware (which actually was not fancy at all). For some reason the 2.0 version didnt accept my Drives. But I will give you a brief on how I left it. I would not get any error messages. Internet Traffic would just stop moving. I removed packages and rebooted. I went to bare basics. But nothing. I could stop snort and it would come back up. Sooo. thats how i left things. I found Pfsense to be faster than Untangle..free as opposed to Untangle..but in a production environment, I couldnt achieve reliability, something well needed…Thanks again!!!

            I really think your chosen hardware may have been the core problem and not pfSense itself.  I've found it to be rock-solid stable.  The fact you mentioned you had to run 2.1 because of your hardware indicates to me you were on or slightly beyond the bleeding edge of new hardware that pfSense supports.  If that is correct, then stability problems would not be unexpected.

            I run pfSense on SuperMicro hardware.  In my case for home, it's just a simple Atom CPU with 4 GB of RAM and a SATAII hard drive.  My particular SuperMicro board has Realtek on-board NICs, but thankfully they are the older series with better support (albeit not outstanding throughput if I had a super high speed connection, but I don't).

            So before you totally close the book on pfSense, maybe give it try on firmly supported hardware.  There are several suggestions in the Hardware forum here.

            Bill

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense Plus
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy