Netgate Discussion Forum
    Enabling Snort on other interfaces

    General pfSense Questions
Heli0s

      I have a pfSense box running with the following interfaces:

      WAN - The connection to the internet
      LAN - Where all the computers are
      DMZ - Where the webserver is (accessible from the internet)
      OpenVPN - All traffic from the LAN and DMZ is tunneled through the OpenVPN tunnel to an OpenVPN server

      I have Snort running on the WAN interface and it's working (since I can see the attack attempts).

      My question is: Do I need to enable Snort on the OpenVPN interface (since that's where all the traffic is going/coming from)? What about the DMZ interface? Or is enabling it on the WAN interface enough to protect all four interfaces?

firewalluser

Snort can't check an SSL connection on your WAN, so I would run it on all interfaces to keep an eye on what's going across all your other interfaces.

Capitalism, currently The World's best Entertainment Control System and YOU can't buy it! But you can buy this, or some of this or some of these

        Asch Conformity, mainly the blind leading the blind.

Supermule

And then you would probably kill the firewall memory-wise until Bmeeks comes up with a way to get Snort going on multiple interfaces without loading all the rulesets more than once...

Mr. Jingles

            @Supermule:

And then you would probably kill the firewall memory-wise until Bmeeks comes up with a way to get Snort going on multiple interfaces without loading all the rulesets more than once...

            I have it running on WAN and LAN, but I don't recall any error messages(?)

6 and a half billion people know that they are stupid, aggressive, lower life forms.

firewalluser

              @Supermule:

And then you would probably kill the firewall memory-wise until Bmeeks comes up with a way to get Snort going on multiple interfaces without loading all the rulesets more than once...

              Good point!

Just for reference, if anyone wonders how much memory Snort uses: I have everything switched on with Snort, i.e. as secure as possible on 4 interfaces, and it's using up 34% of 4 GB of RAM, using the AC-BNFA option.

              FWIW.


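The memory figure above is the kind of number worth tracking when Snort is added to more interfaces, since pfSense runs one Snort process per interface and each loads its own rulesets. The script below is an added example, not code from the thread, from pfSense or from the Snort package. It assumes pfSense passes the interface to each instance as `-i <iface>` and that `ps -axo rss,args` prints the resident set size in KB followed by the command line, as it does on FreeBSD. The sample `ps` output and the 4 GB figure are constructed for the example; the command lines are abbreviated.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of pfSense or Snort).
# Per-interface and total Snort memory use, as a share of physical RAM.
# RSS counts shared pages once per process, so the sum slightly overstates
# real usage; it is still the figure that grows as interfaces are added.

# snort_mem_report TOTAL_KB
#   Reads "RSS_KB ARGS..." lines on stdin, prints "<iface> <rss_kb>" for each
#   Snort instance and a final "total <rss_kb> <percent_of_ram>" line.
snort_mem_report() {
    awk -v total="$1" '
        $2 ~ /\/snort$/ || $2 == "snort" {
            iface = "unknown"
            # pfSense passes the interface as "-i <iface>" somewhere in args
            for (i = 3; i < NF; i++) if ($i == "-i") iface = $(i + 1)
            rss[iface] += $1
            sum += $1
        }
        END {
            for (k in rss) printf "%s %d\n", k, rss[k]
            pct = (total > 0) ? int(sum * 100 / total + 0.5) : 0
            printf "total %d %d\n", sum, pct
        }'
}

# snort_mem_pct TOTAL_KB: only the rounded percentage, for alerting scripts.
snort_mem_pct() {
    snort_mem_report "$1" | awk '$1 == "total" { print $3 }'
}

# Constructed sample resembling `ps -axo rss,args` on a 4 GB pfSense box
# running Snort on four interfaces (WAN, LAN, DMZ, OpenVPN client).
SAMPLE_PS='  9876 /sbin/devd
356500 /usr/local/bin/snort -R 12345 -D -q -c /usr/local/etc/snort/snort_12345_em0/snort.conf -i em0
356500 /usr/local/bin/snort -R 23456 -D -q -c /usr/local/etc/snort/snort_23456_em1/snort.conf -i em1
356500 /usr/local/bin/snort -R 34567 -D -q -c /usr/local/etc/snort/snort_34567_em2/snort.conf -i em2
356500 /usr/local/bin/snort -R 45678 -D -q -c /usr/local/etc/snort/snort_45678_ovpnc1/snort.conf -i ovpnc1
  4200 /usr/local/bin/php-cgi'
RAM_4GB_KB=4194304

# Demo on the constructed sample: one line per interface, then the total.
printf '%s\n' "$SAMPLE_PS" | snort_mem_report "$RAM_4GB_KB"

# On a live pfSense (FreeBSD) box, feed real process data instead:
#   ps -axo rss,args | snort_mem_report "$(( $(sysctl -n hw.physmem) / 1024 ))"
```

With the sample input the four instances add up to 1,426,000 KB, which rounds to 34% of 4 GB, the same order of magnitude reported in the thread. Comparing the per-interface lines before and after enabling Snort on an extra interface shows directly how much each additional ruleset copy costs.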
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.