Hi all,
I recently purchased a Pfsense firewall (Netgate SG-1100), and have it set mostly at default values, which all seemed sane for my use case (maybe some things I missed or didn't understand, so advice is deeply appreciated). I've test driven Suricata, and it works fine on my device, but I'm also aware of the attention it requires to be effective.
Basic physical topology is Modem -> FW's WAN port...FW's "LAN" port -> internal wifi router's WAN port (ofc I have its firewall turned on as well, and overall I am confident that the device is as locked down as it can be, while still being powered on... It's a Linksys, after all). Clients on the internal wifi router are 2xGentoo laptops, an Android phone, 2xMedia devices, and a Windows desktop.
My home server is on the "OPT" port of the new firewall, which I put on same VLAN as the firewall's "LAN" port, so I can access it directly from the internal LAN. This way, any ports I forward to the server in the future will hopefully be pretty well segregated from my internal LAN.
I also set up the limited (2 ports) VLAN capability of my wifi router, so I can add some home automation stuff to those, which will hopefully help to segregate that traffic as well.
With all of that, I guess what I'm basically asking, is if the work/tuning needed to get the most out of Suricata is worth the reward, or if I'm pretty well covered as I have it now? Again: any other tips/advice are welcome.
Thank you for reading!
Is Suricata (firewall IPS) overkill for home?
Message
- statikregimen
- Apprentice
- Posts: 173
- Joined: Sat Jul 16, 2011 7:31 am
- Location: USA/Michigan
- Contact: