[Oisf-users] Using Suricata with OpenBSD HA Firewalls

C. L. Martinez carlopmart at gmail.com
Tue Nov 29 08:13:00 UTC 2016


On Mon 28.Nov'16 at  7:25:47 -0800, Brian Keefer wrote:
> If you’re running for only IDS, not IPS, you could use a dup-to rule on each firewall to send all traffic to another IP, which should probably be on a third box/instance. Run Suricata on that box.
> 
> I’m probably not explaining it very well, but here’s an example of a similar setup: https://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html
> 
Thanks Brian. dup-to is an option, but not at this time. The best option is to use divert-to under OpenBSD, but if I am not wrong, Suricata doesn't support it at this time.

-- 
Greetings,
C. L. Martinez
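
For readers following the dup-to suggestion above, here is a constructed pf.conf fragment (an added example, not from either poster or the linked blog post) showing what an IDS-only copy of firewall traffic to a separate Suricata sensor looks like. Interface names, the 192.0.2.0/24 sensor network and the sensor address are placeholders; the parenthesized `dup-to (interface address)` form is the grammar of the OpenBSD releases current at the time of this thread, and later releases changed the route-option grammar, so check pf.conf(5) for the release in use.

```pf
# /etc/pf.conf fragment: mirror firewall traffic to an IDS sensor with dup-to.
# Constructed example for illustration; names and addresses are placeholders.

ext_if  = "em0"          # untrusted side of the firewall
int_if  = "em1"          # protected side
span_if = "em2"          # dedicated link towards the Suricata sensor box
sensor  = "192.0.2.10"   # sensor's address on the span link (placeholder)

# Never let real traffic leave via the span link; it only carries copies.
block out quick on $span_if

# dup-to sends a copy of every packet matched by the rule out $span_if towards
# $sensor, while the original packet is still filtered and forwarded normally.
# Both directions are needed so the sensor sees complete flows.
pass in  on $ext_if inet dup-to ($span_if $sensor)
pass out on $ext_if inet dup-to ($span_if $sensor)

# Example of a tighter rule: only copy traffic destined to the DMZ web servers,
# still keeping the general pass rules above for everything else.
# dmz_web = "{ 203.0.113.10, 203.0.113.11 }"   # placeholder addresses
# pass in on $ext_if inet proto tcp to $dmz_web port { 80 443 } dup-to ($span_if $sensor)
```

Before loading it, syntax-check with `pfctl -nf /etc/pf.conf`. On an active/standby pair built with carp and pfsync, the same rules on both firewalls mean the sensor keeps receiving copies after a failover because dup-to is evaluated by whichever node is currently forwarding. On the sensor side, Suricata runs in IDS mode bound to the interface that receives the copies (for example `suricata -i em0`), and that interface should carry no address of its own or be left promiscuous, since the duplicated packets are addressed to the original hosts, not to the sensor.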


