Netgate SG-1000 microFirewall

Author Topic: PFsense real implementation  (Read 416 times)

0 Members and 1 Guest are viewing this topic.

Offline luke1018

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
PFsense real implementation
« on: November 28, 2017, 02:31:04 am »
Dear all, recently I have explored this open source PFsense and also together Suricata & Snort. Now I am planning to transfer all these to the real server to server environment. With this, would like to check with you all what do I need in place in order for me to monitor various servers in our server farm.

How do we monitor other servers from one source? an Agent need to be installed? how can i get the agent if needed. Kindly advise and share with me your experience. Thanks

Offline Grimson

  • Full Member
  • ***
  • Posts: 191
  • Karma: +28/-2
    • View Profile
Re: PFsense real implementation
« Reply #1 on: November 28, 2017, 02:34:10 am »
pfSense is a firewall, not a network monitoring tool.

Offline luke1018

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: PFsense real implementation
« Reply #2 on: November 28, 2017, 03:07:09 am »
pfSense is a firewall, not a network monitoring tool.

but within it, using the Suricata and Snort to complement it. Does that work?

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2158
  • Karma: +166/-9
    • View Profile
Re: PFsense real implementation
« Reply #3 on: November 28, 2017, 06:55:13 am »
For monitoring servers, I wouldn't start setting up a firewall.
Create a VM on any of your servers (or even skip that part), and use montoring software.

Offline luke1018

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: PFsense real implementation
« Reply #4 on: November 28, 2017, 08:37:26 pm »
Does anyone got real time experience, please feel free to share how you use PFsense with Suricata and Snort. Thanks

Offline Presbuteros

  • Jr. Member
  • **
  • Posts: 63
  • Karma: +4/-0
    • View Profile
Re: PFsense real implementation
« Reply #5 on: November 29, 2017, 02:09:21 am »
You may consider loading onto just one machine for testing and expand from there.

https://forum.pfsense.org/index.php?topic=61018.0

That is a helpful tutorial to get you started on setting up Snort on pfSense.

Offline luke1018

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: PFsense real implementation
« Reply #6 on: December 04, 2017, 08:28:57 pm »
Hi may I know how can we do testing (Implementing rules, new codes or configurations) on our local machine and once its ready, how can I duplicate it on the live machine?

Is there a way we can do backup and restore to the live system? or to patch it?

Kindly advise.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2158
  • Karma: +166/-9
    • View Profile
Re: PFsense real implementation
« Reply #7 on: December 05, 2017, 03:56:45 am »
Hi may I know how can we do testing (Implementing rules, new codes or configurations) on our local machine and once its ready, how can I duplicate it on the live machine?
Is there a way we can do backup and restore to the live system? or to patch it?
Strange.
The very basic concept of pfSense is that it stores all settings in one file - witch can be backup and restored, even on another machine (if identical network interface names, otherwise you have to setup your NIC's again).
Patching ? What do you mean ? You are aware of the fact that pfSense lives on github, which means sources are available ?