Snort with wireless access point

corenom · Apr 1, 2015, 8:15 PM

I had a question about using Snort with a Wireless Access Point. Will snort (lan) work with an access point connected directly to Pfsense?

I think Snort (lan) doesn't work if a switch is connected and the data is being sent directly to the other device through the switch and basically bypassing the firewall?

KOM · Apr 1, 2015, 8:23 PM

Will snort (lan) work with an access point connected directly to Pfsense?

Sure, why not? It's just a WLAN.

I think Snort (lan) doesn't work if a switch is connected and the data is being sent directly to the other device through the switch and basically bypassing the firewall?

Yes, that's kind of obvious. Snort on pfSense can only scan the networks attached to it. It your existing WLAN goes to a switch that's upstream from pfSense then pfSense isn't even path of the network path for your wireless clients.

corenom · Apr 1, 2015, 10:02 PM

@KOM:

Will snort (lan) work with an access point connected directly to Pfsense?

Sure, why not? It's just a WLAN.

I think Snort (lan) doesn't work if a switch is connected and the data is being sent directly to the other device through the switch and basically bypassing the firewall?

Yes, that's kind of obvious. Snort on pfSense can only scan the networks attached to it. It your existing WLAN goes to a switch that's upstream from pfSense then pfSense isn't even path of the network path for your wireless clients.

Thank you Kom, still a little new at this. Just to confirm, traffic between clients on a WLAN will pass through Pfsense (if directly attached)? Or does it work like a switch and traffic flows between wireless clients without passing through Pfsense?