On 25/05/2018 at 12:50, Ruben ON3RVH wrote:
> I've set up Snort on the pfSense firewall, it does
> IPS as well that way
I tried pfSense a while ago, but I didn't enjoy the UI ;-) I also tried
Comodo, which has a better UI (to me!), but it's CentOS-based, and I
don't know that OS at all. So, both are still in my "testing" list...
My "production" firewall is Shorewall, but there's no easy way to
implement Snort directly on it. I'm also wondering if I should add an IPS
service (such as Snort) on existing machines (my BGP router, my main VPN
gateway) or insert a dedicated machine between them.
--
Of course, it would be a great idea to share our tools and techniques
for network protection. I have very little experience with machines
connected directly to the Internet. Our previous design was using private
addressing, and was in a "DMZ" of my corporate firewall (with commercial
IPS and anti-malware services inside). The new design uses BGP
addressing and is split between two data centers (hosted by two
different companies with different tools). So, in order to keep the
whole infra hamradio-friendly and facilitate administration, we decided
to bypass completely our two (different) corporate firewalls. So, we'll
have to learn how to do by ourselves what was previously done by the
corp firewalls. And it may not be an easy task...
73 de TK1BI