IDS/IPS on seperate hardware from router

Started by mni, March 10, 2021, 06:52:31 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
March 10, 2021, 06:52:31 PM
Hello, total beginner with OPNsense. Just ordered an APU2 board with 3 NICs for my home network, 250/250.
Would like to set up OPNsense and preferably some IDS/IPS to learn network security/monitoring. From what I understand the APU2 board has not enough CPU power do to real time traffic analysis. I have a Proxmox server running with a comet lake intel i5. Is it possible to offload the network analysis to my server somehow?
March 10, 2021, 10:41:49 PM #1
Maybe you have a switch with mirror port functionality
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
March 26, 2021, 01:01:14 AM #2
I used to run a APU2C4 board - It ran Suricata just fine but took some tweaking and careful rule selection.

As above, you'd want to configure a port mirror (aka SPAN). Then you can use something like an all one package such as SecurityOnion.
Print
Go Up Pages1
User actions