Firewalla Gold

[coxhaus]

Marketing of what, @coxhaus? You can run Snort and Suricata on multiple platforms. It doesn’t have to be pfSense. It’s just a easier there and GUI configurable. And yes, you can scan your outbound traffic, if you want to. You can scan that guest VLAN only, your choice.

So you are saying you click on something in the pfsense GUI that says it will scan outbound traffic? Lets stay focused on pfsense.

 

[coxhaus]

Time is up, you don't know as you have never run it. Post out there so you can have someone tell you.

 

[Tech9]

Wait for someone else to answer this question for you. It will be 3rd time answering for me.

 

[coxhaus]

Wait for someone else to answer this question for you. It will be 3rd time answering for me.

Thats because you have not run it for real. I can tell you more than what you are telling me, and it has been a long time since I ran it. I know the process and you don't. Clicking maybe involved but what is the process?

 

[Tech9]

Thats because you have not run it for real.

I was about to make series of screenshots for you when I get back home, but obviously you know better. No point wasting my time anymore. Good luck.

 

[coxhaus]

No, we are done with that conversation. I don't need good luck as I won't run pfsense again. Lots of other things to look at that I don't know.

 

[Tech9]

Lots of other things to look at that I don't know.

Add pfSense to the things you don't know. Actually, turns out what you are asking for is the default configuration. Zero extra clicks.

My configuration is different. This conversation refreshed my memory about why I disabled Suricata on LAN and run it on WAN only for specific ports. In general it has to run on LAN and not WAN since the firewall drops incoming connections anyway, if no open ports. But it defaults on WAN + LAN after installation. So the proper thing to do is to "unconfigure" the WAN, in most cases. Unless someone want to enjoy the logs.

 

[coxhaus]

Add pfSense to the things you don't know. Actually, turns out what you are asking for is the default configuration. Zero extra clicks.

My configuration is different. This conversation refreshed my memory about why I disabled Suricata on LAN and run it on WAN only for specific ports. In general it has to run on LAN and not WAN since the firewall drops incoming connections anyway, if no open ports. But it defaults on WAN + LAN after installation. So the proper thing to do is to "unconfigure" the WAN, in most cases. Unless someone want to enjoy the logs.

I don't think so as we are talking IPS which you posted above at the start of this and this means you need automatic blocking on outbound. Base install just sends alerts with no blocking.

You work on it. I don't need any more info as I am done.

 

[Tech9]

I don't think so

You are free to think differently. When was the last time you run pfSense with Snort or Suricata?

Base install just sends alerts with no blocking.

Ah, okay- few clicks extra work. Please, don't run pfSense. There are other options around easier to configure. Thank you for wasting my time.

 

[coxhaus]

I told you time was up. You did this on your own.

I still believe you don't have a good understanding of it.

 

[Tech9]

How old are you, @coxhaus? I don't understand your behavior.

What's the point of this conversation? You don't want something - fine! Do whatever fits best your needs.

 

[coxhaus]

You are the one that started this. Your vocabulary was pretty much limited to clicks.

 

[Tech9]

You are the one that started this.

Started what, @coxhaus? You asked a question in post #33 and I give you an answer in post #34. What's wrong? Do you want me to write a guide for you how to setup Suricata or Snort on pfSense? It's already available online. It's Saturday and I was with my family in Niagara Falls. How fast do you want to get the answers to your questions? Do I look like Snort, Suricata or pfSense support to you? Come on... relax and have a good night! Okay?

 

[coxhaus]

In post #27 you stated IPS which from there you countered everything I pretty much said with you stating all you need was a couple of clicks. Which with that vocabulary of clicks, has no real meaning and still doesn't other than an action.
I hope you learn your product sometime.

 

[Tech9]

I hope you learn your product sometime.

Listen, I'm really trying to help you. If you want and when you are ready, I can remotely configure your pfSense firewall using GUI only the way you want it, in front of you, with explanations what, where and why. It can run on a PC with single NIC, you don't need to purchase hardware. Or on a virtual machine, same thing. I can do that for you on Mondays after 10am. This is a serious offer. There is no way to describe to you firewall configuration with simple words and instructions. pfSense has hundreds of settings. We can focus on Snort and Suricata only though. You never had a choice with locked down Cisco equipment. pfSense gives you a choice, but for some reason you refuse to take advantage of it.

 

[Tech9]

By the way @coxhaus, have you seen this and do you know what it is?

One click auto configuration. Available on $90 device from Amazon. Free lifetime signatures updates.

 

[dave14305]

Pick one:

https://www.snbforums.com/members/coxhaus.5292/ignore

https://www.snbforums.com/members/tech9.75320/ignore

 

[Tech9]

@dave14305, I don't want to ignore @coxhaus. I'm offering help and I'm ready to spend the time needed to show him some options he doesn't believe exist. Firewalla is one option, but I don't have this device and I don't know what it does. Untangle is another, but tied to recurring payments. I'm not pfSense expert, but what @coxhaus is looking for is not hard to do in pfSense. I also use help for more complicated setups. Post #56 shows what options other people have and use. Not the best, but cheap and with no subscriptions. The security company behind it is a big player in this business. No bad intentions here. And I'm not selling or promoting anything. I see another option in your signature, but had no time to play with it, not enough knowledge.

 

[coxhaus]

This guy is turning into a nut.

I run everything with my Cisco layer 3 switch.

 

[Tech9]

Ignore it is. Getting tired of retired.