ESXi5.5 issue with pfsense SNORT



  • So all I want to do is use SNORT to monitor the traffic of my vmware vms. Today I have all my VMs in a distributed vswitch under several port groups. How do I go about putting in a pfsense with SNORT to monitor/block traffic to these servers? I'm confused: do I need to create another vDS with no nics called IPS_Protected and assign the pfsense 2 nics, one to the LAN and one to this IPS_Protected? The WAN port in all the documentation I've read is confusing me. Any help would be greatly appreciated.

    Thanks


  • LAYER 8 Global Moderator

    Why would you use pfsense if all you want is snort to monitor? Why not just install a VM running your fav OS that snort runs on and install snort? There are prob already VMs you can just download that have snort on them.

    Attach its interface so that it can see all the traffic you want to monitor..

    Example for setting up esxi: https://isc.sans.edu/forums/diary/Running+Snort+on+VMWare+ESXi/15899/

    Here is a setup guide for snort: https://www.snort.org/documents/snort-2-9-7-x-on-ubuntu-12-lts-and-14-lts

    If you're not going to use pfsense to route/firewall traffic, it doesn't make any sense to run it to just get snort up.



  • Yes, you make a good point, thanks for the response.


  • LAYER 8 Global Moderator

    If you were going to use pfsense to route your traffic to firewall your VMs then the package is clickity clickity.. But to be honest if you want to really run snort, etc. And have full control and power and feature set, etc.. Better to run it on your own VM, not the package integrated into pfsense.