[Oisf-users] Using Suricata with OpenBSD HA Firewalls
C. L. Martinez
carlopmart at gmail.com
Tue Nov 29 08:13:00 UTC 2016
On Mon 28.Nov'16 at 7:25:47 -0800, Brian Keefer wrote:
> If you’re running for only IDS, not IPS, you could use a dup-to rule on each firewall to send all traffic to another IP, which should probably be on a third box/instance. Run Suricata on that box.
>
> I’m probably not explaining it very well, but he’s an example of a similar setup: https://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html
>
Thanks Brian. dup-to is an option, but not at this time. The best option is to use divert-to under OpenBSD, but If I am not wrong, suricata doesn't support it at this time.
--
Greetings,
C. L. Martinez
More information about the Oisf-users
mailing list