Posted by Wisiwyg on Oct 16, 2016; 3:22am
URL: https://itus.accessinnov.com/pfsense-equivalent-of-shield-in-bridge-mode-tp1117p1209.html

breda wrote

Hi, Wisiwyg what kind of box are you using?  pfSense, OPNSense,

Thanks

I was using pfSense for months, going along with each update. But the Suricata implementation has been lagging behind. So when I read about the OPNSense version, I clean installed over the pfSense installation.

My box is a SFF Dell Optiplex 790 i5 quad, 3.1ghz, 8gb, 240gb SSD, dual & single Intel NICs. Its kind of overkill, but I wanted to also add on a VPN later and didn't want to start on something that didn't have the horsepower to crunch everything.

So far, the OPNSense installation has been relatively easy to set up and tweak to get everything running. I have the GeoIP and Suricata IPS components turned 'on' and they seem to be working. The GeoIP part simply blocks entire countries - Russia, Ukraine, China, India, Pakistan - you get the picture. The Suricata component then examines what's left.

It isn't in 'production' yet - playing with it on a DMZ port passthrough. But it seems to be functioning in straight-up router mode. I haven't investigated bridge mode yet, but will eventually want that so I can keep the Parental Control functions of my Asus AC68U router that I really, really like.

My Shield is still in place  and it still 'dies' as Snort hits some memory limit and restarts. Its very annoying and inconvenient at times, such that I simply pull the plug and bypass the Sheld. I later go back and plug it back in.