Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort VRT Rules Question - Anyone Using them in SMB setting?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      abard
      last edited by

      Hello,

      I'm looking at setting up a UTM device with pfsense and came across snort for IDS/IPS. The FW is going to be used in a SMB setting that has to be PCI compliant. However, after some research, it seems that Snort is $499/$399 per device/year, depending on configuration - this seems a bit high when compared to our current SonicWALL/Watchguard setup.

      So my question is, are people really using VRT ruleset for their SMB locations? I'm all for Open-Source and supporting the community but Snort is owned by Cisco and this seems a bit extreme.

      1 Reply Last reply Reply Quote 0
      • J
        jasonlitka
        last edited by

        Snort cost that much before the acquisition. If you don't pay you can still use it, you just get rules a few weeks later than anyone else. You could always use the free rules and emerging threats.

        I can break anything.

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          I have Snort VRT and ET Pro rulesets. If I had to choose between them, I would subscribe to the ET Pro ruleset and use the Snort open ruleset.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • A
            abard
            last edited by

            Thanks for the input.

            Jason - I was actually eluding that you could justify, before Cisco, with "Support the Community" logic but with the acquisition, it becomes a dollars and cents decision.

            BBCan - I'll look into those, appreciate the suggestion.

            1 Reply Last reply Reply Quote 0
            • J
              jasonlitka
              last edited by

              @abard:

              Thanks for the input.

              Jason - I was actually eluding that you could justify, before Cisco, with "Support the Community" logic but with the acquisition, it becomes a dollars and cents decision.

              BBCan - I'll look into those, appreciate the suggestion.

              That doesn't make any sense.  You were willing to spend $500 before but not now simply because Snort was bought by a larger company.  Sourcefire was never a not-for-profit and they got paid something fierce when they were purchased (it was almost $3B if memory serves).

              Anyway, this price is way cheaper than the IDS options on Cisco's ASAs.

              I can break anything.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.