[Oisf-users] Suricata as IPS under OpenBSD
carlopmart at gmail.com
Thu Dec 10 16:21:03 UTC 2015
On 12/10/2015 04:10 PM, Victor Julien wrote:
> I'm not aware of any work in this area.
I will try to explain. I've got a pair of OpenBSD CARp'ed firewalls
redirecting some type of traffic to a host running Suricata. This
scenario works without problems, but only as an IDS.
We have some signatures that we need to deploy inside these firewalls
to block certain type of traffic.
There is some options here:
a/ Deploy a third host with some linux distro installing Suricata as IPS.
b/ Use these firewalls to act as an IPS.
c/ Deploy two linux hosts with HA using Suricata as an IPS
With option a/ I haven't HA (high availability), and with option b/,
I've got HA.
And I don't know how can I accomplish option c/, (and I don't konw if
its possible, also).
More information about the Oisf-users