pfSense Snort Configuration (IPS \ IDS)
pfSense snort configuration is relatively an involved process that requires a bit of a networking knowldge. In this video we will see how to install, configure and enable Snort on pfSense.
We will be doing our pfSense snort configuration in a lab environment and we strongly recommend following the steps shown in this video but please be advised that all networks are different and snort settings that might be relevant in one network might be completely irrelevant on another network so try to make modifications that will serve your network the way you see fit.
In General Snort is an intrusion detection and prevention system. The package is available to install in the pfSense from the Package Manager. Snort operates using detection signatures called rules. Snort rules can be custom created by the user, or any of several pre-packaged rule sets can be enabled and downloaded. When performing pfSense snort configuration you first need to signup for an oinkcode on snort web site.
Keep in mind, according to the settings you will choose to implement after your pfSense snort configuration, you will probably encounter some false positives in snort. this where the suppression list will come into play but you must make sure that you have considered and identified in snort the traffic that was blocked and then suppress it.
pfSense snort configuration is a generally medium level task but when done correctly it will function very well and provide an important layer of security
0:00 Intro
1:20 Get your Snort Oinkcode
2:20 Install Snort on pfSense
2:45 Start Snort General Configuration
5:30 Configure Snort on your WAN Interface
7:30 Configure Snort Level of Protection
9:20 Enable the Snort Service
9:55 Working With Snort
11:35 Managing False Positives
14:40 Summary
#pfSense #Security #Snort
Please subscribe and follow us on Twitter: / techmeout5
Join our Synology Facebook group: / synousergroup
Join our Ubiquiti UniFi Facebook group: / ubntusergroup
