Dedicated Suricata PC on home lan

Eddod · November 6, 2022, 10:33am

Hello,

PC is a x86 3.2ghz, 8gb ram, 1x1Gbit rj45, 2x10gbit rj45 port device. Network topography is simple: internet <-> opnsense router <-> managed switch <-> clients.

Where in the network would you preferrably place a device like this?

internet <-> opnsense router <-> NDIS <-> managed switch <-> clients.
internet <-> NDIS <-> opnsense router <-> managed switch <-> clients.

Also, management of NDIS device would happen through a third network interface on the device or through the monitoring interface?

Are there any recommendations for a dedicated management web interface for Suricata or plain cmd line only?

Jeff_Lucovsky · November 7, 2022, 6:53am

Hello Ed,

Your Opsense device is likely running Suricata already so I’d suggest that first.

Eddod · November 7, 2022, 3:40pm

Yup, it can but it s “front end” inside OPNSense and pfSense is a bit arcane. I was thinking of running it on a separate box with IDSTower as a management interface.

Andreas_Herz · November 9, 2022, 7:10am

Well it depends on what you would like to see. Ideally you have both sources, the one between the WAN and the router and also within the network between the router and the clients, especially with NAT for IPv4.

Topic		Replies	Views
Architecture help Help ips , community , centos	2	1093	November 29, 2020
Suricata on VirtualBox host Help ips , pfsense	6	2634	September 21, 2020
[new to Suricata] Where do I put my Suricata in my network? Help	1	1966	June 23, 2021
$HOME_NET and multiple interfaces, plus deployment best practices Help	3	3581	June 27, 2020
pfSense - Allow All Traffic From Host Help ips	2	1615	July 27, 2021

Dedicated Suricata PC on home lan

Related Topics