4. Suricata/Snort and VPN protection

Suricata/Snort and VPN protection

  • T

    Hi all,
    I'm newbie with IPS/IDS systems, and didn't find the answer to my question.
    In snort or suricata, it seems that only physical interfaces can be declared for traffic inspection/protection.
    In my case, I'd like suricata to check traffic entering pfSense via an IPsec endpoint. But I don't find any "virtual interface" to declare and set up in suricata. Of course, the IPsec endpoint comes in my WAN physical interface, but will suricata be able to check traffic inside the tunnel (say, SQL injection, for example) ?
    Thank you !  :)
    Pierre

    0
  • T

    Well, I read in a former topic (102457) a way to inspect traffic inside VPN is to create a new interface, in Interfaces menu.
    Unfortunately it seems this new interface only appears when it comes to OpenVPN VPN… not IPsec  :(
    Any help would be appreciated ! ;)
    Thanks !

    0
  • ?

    Setting up both, Suricata and Snort will be not a good idea, for sure it can be done but in usual and the
    most common set ups it might be better to go only with one solution. You can also set up Snort or Suricata
    to inspect or sniff at your LAN interface, so all traffic passing the WAN and/or the VPN will be inspected if it
    reach the LAN interface.

    0
  • T

    Did it !  :D  Great !
    In effect, I only intend to set up Suricata for the moment.
    Thank you a lot !

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy