[Oisf-users] Suricata as IPS under OpenBSD

C.L. Martinez carlopmart at gmail.com
Thu Dec 10 16:21:03 UTC 2015


On 12/10/2015 04:10 PM, Victor Julien wrote:
> I'm not aware of any work in this area.

I will try to explain. I've got  a pair of OpenBSD CARp'ed firewalls 
redirecting some type of traffic to a host running Suricata. This 
scenario works without problems, but only as an IDS.

  We have some signatures that we need to deploy inside these firewalls 
to block certain type of traffic.

  There is some options here:

  a/ Deploy a third host with some linux distro installing Suricata as IPS.
  b/ Use these firewalls to act as an IPS.
  c/ Deploy two linux hosts with HA using Suricata as an IPS

  With option a/ I haven't HA (high availability), and with option b/, 
I've got HA.

  And I don't know how can I accomplish option c/, (and I don't konw if 
its possible, also).



More information about the Oisf-users mailing list