From: Turritopsis Dohrnii Teo En Ming
Date: Thu, 31 May 2018 18:09:24 +0800
Subject: Is pfSense the Best Open Source Firewall/IDS/IPS in the World?
To: freebsd-amd64@freebsd.org
List-Id: Porting FreeBSD to the AMD64 platform

Good Afternoon Everybody from Sunny Singapore!

Four months ago, somewhere around 17th January 2018, I deployed my very first installation of pfSense firewall Community Edition version 2.4.2 on my 9-year-old home desktop computer (Intel Pentium Dual Core E6300 @ 2.8 GHz, Intel DQ45CB Motherboard, 6 GB RAM and 1 TB SATA Harddisk).

More recently, on 25th April 2018, I have upgraded my home-based pfSense network security appliance to Community Edition version 2.4.3.

As my primary focus is on Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), I have Snort installed as well.

Since 17 Jan 2018, I observed that I have been getting very few and trivial Snort intrusion alerts. To my horror, I discovered that I did not enable all the Snort rules for all of my network interfaces. That was yesterday, 30th May 2018. Without wasting much time, I had swiftly enabled all the Snort rules for every one of my network interfaces.

From then on, I have been getting more exciting Snort intrusion alerts.

My questions are:

(1) Is pfSense, coupled with Snort, the best open source firewall/IDS/IPS in the world?

(2) Is pfSense on par with commercial network security appliances, including but not limited to Cisco ASA, Cisco Sourcefire, FortiGate, SonicWall, etc?

(3) Is Snort able to detect malware and ransomware before they reach the endpoints? Seems like Emerging Threats Pro (ET Pro) signatures at proofpoint.com are able to. How much are you required to pay for these signatures?

(4) Where can I get quality guidance on configuring Snort in pfSense?

I have searched Amazon AWS Cloud Marketplace and Microsoft Azure Cloud Marketplace. Only pfSense firewall is listed. I cannot find OPNsense firewall anywhere. Same goes for GNS3 network simulator.

pfSense firewall is based on FreeBSD 11.1.

Please advise.

Thank you very much.

===BEGIN SIGNATURE===

Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017

[1] https://tdtemcerts.wordpress.com/
[2] http://tdtemcerts.blogspot.sg/
[3] https://www.scribd.com/user/270125049/Teo-En-Ming

===END SIGNATURE===

Time stamp: 31st May 2018 Thursday 6 PM Singapore Time GMT+8