[Oisf-users] Interoperability of Suricata with commercial firewalls

carlopmart carlopmart at gmail.com
Tue Feb 2 14:50:35 UTC 2010


Matt Jonkman wrote:
> I'd like to reinforce that we're definitely considering that, and ideas
> are very welcome.
> 
> At the very minimum we'll work to make suricata snortsam compatible. But
> it's very possible that we'll move some of that snortsam functionality
> into the suricata engine itself under the IP Reputation umbrella.
> 
> Do you see more detailed or more expansive functionality that snortsam
> of interest, or do you have more ideas there?
> 
> Matt
> 

Uhmm... no, not at the first development stage. I think it is very important to 
develop/integrate Suricata's IPS features with some firewalls. For example, with these:

  - Iptables
  - PF based firewalls
  - CheckPoint
  - StoneGate
  - ¿Cisco ASA?


  Another interesting point to consider could be the integration of Suricata's logs 
and alerts under management servers, in the case of StoneGate or CheckPoint, for example.

  As an example, with Stonesoft's SMC server this can be done using the logging profiles 
feature for third-party devices, as StoneBlog shows:

  - General URL: http://stoneblog.stonesoft.com/stoneblog-community/files/
  - Cisco logging profile: http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/ciscoasa_logging_profile.zip
  - Snort logging profile (using syslog): http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/snort_syslog_logging_profile.zip
  - Sonicwall: http://stoneblog.stonesoft.com/wp-content/uploads/2010/01/sonicwall_logging_profile.zip

  What do you think??



-- 
CL Martinez
carlopmart {at} gmail {d0t} com


