Inquiries regarding Snort on pfSense
Hey there, I'm just a beginner asking a few questions. Am I on the right subnet? Does the Snort package work when running on another machine connected to the same network as pfSense? Are there any missing components in the package? Can I customize the rules beyond what Snort provides or pfSense's built-in policies? What are the differences between those custom rules and pfSense's firewall settings? Also, I have a quick follow-up: how can I test my Snort setup to see more alert types like "Potentially Bad Traffic" or "Unknown Traffic"? I've tried visiting some known bad sites, but I'm curious about other attack scenarios. Thanks in advance!
1. Yes, instead of mirroring a switch port for traffic visibility, it will observe the router interfaces you select.
2. According to what I know, there’s no restriction on the number of rules, though UI capabilities might have limits.
3. You might locate exploit code examples and attempt them to test your skills—Kali Linux could be useful. For instance, set up a port forward from Kali to a device like pfSense and try connecting to it.

Generally, many users favor Suricata for its speed while keeping the same rule set.