Netgate Discussion Forum
    Suricata/Snort and VPN protection

tipiewot:

Hi all,
I'm a newbie with IPS/IDS systems, and didn't find the answer to my question.
In Snort or Suricata, it seems that only physical interfaces can be declared for traffic inspection/protection.
In my case, I'd like Suricata to check traffic entering pfSense via an IPsec endpoint. But I don't find any "virtual interface" to declare and set up in Suricata. Of course, the IPsec endpoint comes in on my WAN physical interface, but will Suricata be able to check traffic inside the tunnel (say, SQL injection, for example)?
Thank you! :)
Pierre

tipiewot:

Well, I read in a former topic (102457) that a way to inspect traffic inside a VPN is to create a new interface in the Interfaces menu.
Unfortunately it seems this new interface only appears for OpenVPN… not IPsec :(
Any help would be appreciated! ;)
Thanks!

Guest:

Setting up both Suricata and Snort will not be a good idea; for sure it can be done, but in the usual and most common setups it might be better to go with only one solution. You can also set up Snort or Suricata to inspect or sniff at your LAN interface, so all traffic passing the WAN and/or the VPN will be inspected if it reaches the LAN interface.

tipiewot:
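Why the guest's advice works, shown as an added illustration (not code from this thread, from Netgate, or from the Suricata/Snort projects): a content-matching signature can only fire on bytes it can read. On the WAN side the tunnel shows up as ESP, an SPI and sequence number followed by ciphertext, so a rule looking for a SQL-injection pattern sees nothing; on the LAN side the firewall has already decrypted the packet, so the same rule fires. The HTTP request, the rule content, the key and the SPI below are all constructed sample values, and the keystream is a stand-in (SHA-256 in counter mode) rather than ESP's real cipher; it exists only to produce ciphertext the rule cannot match.

```python
import hashlib
import struct

# Constructed sample: a plaintext HTTP request as it would travel inside the IPsec tunnel.
INNER_PACKET = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: app.internal.example\r\n"
    b"Content-Length: 20\r\n\r\n"
    b"q=1 UNION SELECT 1,2"
)

# Toy content option standing in for a Suricata/Snort rule (constructed, not a real rule).
RULE_CONTENT = b"UNION SELECT"

# Constructed key; a real IPsec SA key never looks like this.
TUNNEL_KEY = b"constructed-demo-key-not-a-real-sa"


def _keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode). This is not ESP's cipher; it
    only produces ciphertext so the demo can show what a WAN-side sensor sees."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack("!IIQ", spi, seq, counter)).digest()
        counter += 1
    return out[:length]


def encapsulate_esp(plaintext: bytes, key: bytes, spi: int, seq: int) -> bytes:
    """What the WAN interface sees: an ESP-style header (SPI, sequence) then ciphertext."""
    ks = _keystream(key, spi, seq, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, ks))
    return struct.pack("!II", spi, seq) + ciphertext


def decapsulate_esp(esp_packet: bytes, key: bytes) -> bytes:
    """What the firewall forwards towards the LAN interface once the tunnel is decrypted."""
    spi, seq = struct.unpack("!II", esp_packet[:8])
    ciphertext = esp_packet[8:]
    ks = _keystream(key, spi, seq, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, ks))


def rule_matches(payload: bytes, content: bytes) -> bool:
    """Minimal 'content' match, case-insensitive like a rule with the nocase option."""
    return content.lower() in payload.lower()


def inspect_at(capture_point: str) -> bool:
    """Return whether the toy rule fires when the sensor listens at 'wan' or 'lan'."""
    esp = encapsulate_esp(INNER_PACKET, TUNNEL_KEY, spi=0x1234, seq=1)
    if capture_point == "wan":
        visible = esp                                   # still encrypted here
    elif capture_point == "lan":
        visible = decapsulate_esp(esp, TUNNEL_KEY)      # plaintext after the tunnel
    else:
        raise ValueError("capture point must be 'wan' or 'lan'")
    return rule_matches(visible, RULE_CONTENT)


if __name__ == "__main__":
    for point in ("wan", "lan"):
        print(f"sensor on {point}: rule fires = {inspect_at(point)}")
```

The caveat that follows from the guest's own condition ("if it reaches the LAN interface"): binding the sensor to LAN covers tunnel traffic that is forwarded into the LAN, not traffic that terminates on the firewall itself or that is routed to some other interface, so each segment you want covered needs its own inspected interface.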

Did it! :D Great!
In effect, I only intend to set up Suricata for the moment.
Thanks a lot!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.