On 25/05/2018 at 12:50, Ruben ON3RVH wrote:
> I've set up Snort on the pfSense firewall, it does IPS as well that way
I tried pfSense a while ago, but I didn't enjoy the UI ;-) I also tried Comodo, which has a better UI (to me!), but it's CentOS-based, and I don't know that OS at all. So, both are still in my "testing" list...
My "production" firewall is Shorewall, but there's no easy way to implement Snort directly on it. I'm also wondering if I should add an IPS service (such as Snort) on existing machines (my BGP router, my main VPN gateway) or insert a dedicated machine between them.
-- Of course, it would be a great idea to share our tools and techniques for network protection. I have very little experience with machines connected directly to the Internet. Our previous design was using private addressing, and was in a "DMZ" of my corporate firewall (with commercial IPS and anti-malware services inside). The new design uses BGP addressing and is split between two data centers (hosted by two different companies with different tools). So, in order to keep the whole infra hamradio-friendly and facilitate administration, we decided to completely bypass our two (different) corporate firewalls. So, we'll have to learn how to do by ourselves what was previously done by the corp firewalls. And it may not be an easy task...
73 de TK1BI