Suricata Network IDS/IPS Installation, Setup, and How To Tune The Rules & Alerts on pfSense 2020

#pfsense #Firewalls
Comments

This is crazy, installed pfsense 2 days ago, installed suricata yesterday and watched your old video this morning... And here we are with a fresh take on that old video :-D Nice job :-)

Kieeps

Thank you Tom. A complete security video would be great.

mmobini

Another perfect video to get my PFSense Firewall even better! Thank you.

mattcero

Suricata and Snort are both great products. I visit my log files once a month to retune, or if my new softphone doesn't work as expected. Ohh, the joys of home working. 🤣

BillyDickson

Well done and great tips. Glad you explained the value of subscription services, the realities of encrypted traffic, etc. Thanks for the video.

greggcollins

Just the video I need. Was thinking of changing from snort just to, because. Your last suricata video was a bit old. Perfect timing! 👍

michaeljaques

The “I AM ROOT” t-shirt made me laugh pretty hard

bullittstarter

Nothing about security is ever set it and forget it. Security is a process, not a destination.

esra_erimez

Hi Tom, it seems you want to enable blocking on the WAN interface. If for example someone runs an aggressive NMAP scan against your public address, and you have NAT'd VLANs configured in your network, the corresponding VLAN interface within Suricata will show the source IP of the attack as the private VLAN gateway address and the destination address will be that of the machine with the open port. If you are set to block only on the VLAN interface, then the attacker never gets blocked since the original public source address isn't captured (assuming default pass lists are enabled). Help me understand if I am mistaken here. Love your videos, keep up the great work!

seth

Wow that was fast. I believe you mentioned you were going to make some videos around this on your podcast/ stream last week! Didn’t expect them so quickly! Interested in these next few videos!

charlescc

Thanks! Very helpful. Took me a min to realize that blocks on one interface block everywhere. Thought it was a glitch.

chromefinch

Omg thank you!! I wanted an updated video lol.

colt

Good video and quality content! You should have way more subscribers.

sammo

Great video, would love to see how I could setup kubernetes behind my pfsense firewall! Thanks Lawrence.

jdizzle

Hey, thanks for this video. It reminded me to look at this. I set it up from your previous videos but, I haven't been tuning it in a while. A revisit was indeed due. (Unrelated, I loves me new T shirt cheers.)

notpublic

How do we disable rules on a per IP address basis? You may want to allow certain IP addresses but block others for the same rule.

mmobini

Thanks for the demo and info, have a great day

chrisumali

Tom, again, thank you for this updated video on installing and setting up Suricata! I have a question: does it make sense to install ClamAV (package in Squid) as an antivirus in pfSense?

michnl

Total (Dutch-speaking) noob here, but planning to go pfSense with UniFi switch/APs. So both (pfSense and UniFi) have these IDS/IPS options. Should I enable them both or not? Will they conflict/double negative like? Or if enabled at pfSense it will pass it to UniFi? Or...??? 😀 Thx... greetings from Belgium!

ASUSfreak

Thanks, awesome video. I would like to see a video about Suricata in SELKS.

fredyyessielmoranfrias