[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pfsense-discussion
Subject:    Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense
From:       Ivo Tonev <ivo () tonev ! pro ! br>
Date:       2014-09-29 0:52:26
Message-ID: D34AB7F0-D3C2-412C-A697-D35FF1FB6799 () tonev ! pro ! br
[Download RAW message or body]

can you send your network layout ?
how many servers ?

------
Ivo Tonev
ivo@tonev.pro.br

> On Sep 28, 2014, at 05:58, Stefan Fuhrmann <stefan@fuhrmann.homedns.org> wrote:
> 
> Hello all,
> 
> can someone help?
> 
> tia
> Stefan
> 
> Am Freitag, 26. September 2014, 15:11:04 schrieb Stefan Fuhrmann:
>> Hello all,
>> 
>> I need a recommandation for following setup:
>> 
>> pfsense-cluster
>> 
>> loadbalancers
>> 
>> webservers
>> 
>> There are some thousend visits per day and I want to secure with pfsense and
>> snort. Snort runs on lan-site.
>> I want to be aware which are the false positives and how to handle this
>> traffic with snort and the snort- gui within pfsense?
>> Is it now a good idea to enable step by step the categories and doing
>> whitelisting of rules , where Im the meaning this traffic should go and
>> block the rest?
>> Im unsure if there is alot of traffic getting blocked which should pass....
>> This should dont be happen...
>> 
>> In that firm there is the meaning that we should do blacklisting. Blocking
>> only categories where we are secure this is not good traffic.
>> In the moment there are several thousend alerts per day!
>> 
>> I would say blocking the alerts and then I do whitelisting via gui.
>> Problem: at first there is an error state....
>> 
>> Someone can give recommandations how to implement?
>> Is it a good idea to configure the files directly on pfsense?
>> 
>> tia
>> Stefan
>> _______________________________________________
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
> 
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
_______________________________________________
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic