Thanks for all the videos you have done on pfSense, very easy to understand and follow along. Cheers!
Thanks for the intro to the video going over some of the options... I'm setting up my first pfSense instance and some of these were things I wanted to change but hadn't found them yet. I also set up Notifications with Telegram which was a snap (I'm using a telegram bot for another project so adding a second was super easy).
Thank you for this! Going to try this on pfSense 2.5.
Great one, thank you.
Keep going
How to exclude an external public IP/specific IP on WAN side from Snort in pfSense?
Thank you for the very informative video. I currently have pfBlockerNG, Suricata and Snort w/Subscription installed. I was wondering, since pfBlockerNG checks both IP addresses and FQDNs, why do I need Snort or Suricata? They only filter on IP addresses. I understand that each of the installed programs has different rule sets. I assume pfBlockerNG would have a larger rule set than both Snort and Suricata combined, so pfBlockerNG makes Snort and Suricata redundant? Thoughts, comments?
Great video and as usual greatly delivered content. I was wondering if you are planning on doing a Suricata video on a 2.5.2 setup? Many thanks.
Also I have followed the guy, but even sites like speedtest are blocked now. Is there a good list of rules which don't do that?
What are your views on Untangle or Sophos XG? As for the home setup, they're in a similar space. I originally started with pfSense, but wanted more Layer7 capabilities. I'm probably re-installing pfSense at some point as you're more likely to see it than Sophos XG or Untangle in the commercial space. A fellow Hampshire resident :)
Can you elaborate more on the DNSBL showing disabled even though it is enabled in settings? I am having this issue now and can't seem to find the solution anywhere.
You have "OpenVPN" selected as an outbound interface. Isn't it an inbound interface, especially when connected to your VPN server running on pfSense? In that case you would be remotely logging in on your pfSense. Would seem like an inbound interface to me rather than outbound.
Is it possible to do a separate tutorial on s an no snort please.
Cheers
Thanks, Will take a look at these utilities. Very interesting stuff
I cannot use speed test websites after installing Snort. Any help??
Use the Snort reporting to find what's being blocked and then you can allow the access by either removing the Snort rule or adding a suppress action on the blocked request to allow it.
@FrimleyComputing Thanks, I am completely new to Snort. Where is "snort reporting" and how do I allow speed test . net ?
Any help??
@matldn2697 The very first thing you should do is go to the INTERFACE SETTINGS tab for the interfaces where you have Snort running and turn off blocking. Then go to the BLOCKS tab and click the Clear button to remove all Snort blocks. Run with blocking disabled for several weeks to gauge your network traffic patterns, to see what types of false positives are happening, and to tune the rule sets you select. Only after you have tuned your rules and created necessary suppression lists (or disabled those rules entirely as appropriate) should you enable blocking again.
Next, go read the official documentation here: docs.netgate.com/pfsense/en/latest/packages/snort/setup.html. That will show you how to configure the package, and most importantly, show you how to find alerts, blocks and Suppression Lists.
Hope you manage to get things sorted. :-)
@FrimleyComputing Thanks. I will do that.
How will I bypass my IP from pfBlocker?
Great Video 👍 Thanks.. Are you using a 6 port or 4 port partaker type device by any chance? Rgds
I'm using this: www.qotom.hk/product/30-en.html
Can you please tell me how to block torrent or b2b in pfSense?
Awesome
My pfBlockerNG is different than yours :o