Using pfsense as IPS IDS

[GARYK]

I have a Ubiquity UniFI USG3 as my current router.

ISP ---> USG

Can I place my pfSense in front of the USG and have it be my Suricata device?

ISP ---> pfSense ---> USG

The USG has the IPS IDS features but it can only handle up to 80 Mbps of bandwidth.
Can the pfSense Suricata feature handle high bandwidth of 400Mbps?
How do I configure the pfSense to only be a IPS IDS device?

Thank you,
Gary

 

[coxhaus]

Normally UTM devices run behind the router like Untangle. You might take a look see. It only costs $50 for home use.

I think you could make it work but that is not the normal way to setup traffic scanning.

You could setup a Snort system with your router.

 

[avtella]

I have a Ubiquity UniFI USG3 as my current router.

ISP ---> USG

Can I place my pfSense in front of the USG and have it be my Suricata device?

ISP ---> pfSense ---> USG

The USG has the IPS IDS features but it can only handle up to 80 Mbps of bandwidth.
Can the pfSense Suricata feature handle high bandwidth of 400Mbps?
How do I configure the pfSense to only be a IPS IDS device?

Thank you,
Gary

Depends on the hardware/CPU used in the pFSense box you build or buy, also if I’m not mistaken Ubiquiti uses Suricata internally. A decent Dual or Quad core AMD/Intel x86 CPU should be able to hit your required speeds. If I recall reading on reddit, a person mentioned their Netgate XG7100 which has a Quad Core Atom C3558, could reach gigabit speeds with Suricata.

 

[GARYK]

Depends on the hardware/CPU used in the pFSense box you build or buy, also if I’m not mistaken Ubiquiti uses Suricata internally. A decent Dual or Quad core AMD/Intel x86 CPU should be able to hit your required speeds. If I recall reading on reddit, a person mentioned their Netgate XG7100 which has a Quad Core Atom C3558, could reach gigabit speeds with Suricata.

You are correct, behind the curtain is Suricata.
This is good to hear, because the appliance I have pfsense on is a PCEngine APU 2 which can handle the traffic just fine.
Now I just need to learn how to configure pfSense to act only as a Suricata device and then pass on to the USG. You wouldn't happen to know how to do that would you?

Thanks the reply
G

 

[coxhaus]

If you want to route from pfsense then you need to create a pfsense gateway and route to Ubiquity. It is their way for handling layer 3 traffic. I think it would be easier to just run 1 router.

 

[avtella]

You are correct, behind the curtain is Suricata.
This is good to hear, because the appliance I have pfsense on is a PCEngine APU 2 which can handle the traffic just fine.
Now I just need to learn how to configure pfSense to act only as a Suricata device and then pass on to the USG. You wouldn't happen to know how to do that would you?

Thanks the reply
G

I unfortunately do not not know enough to help, I’m sure coxhaus or some of the others with more knowledge probably could.

 

[coxhaus]

Maybe google UTM IDS IPS. It will explain them to you. What you are looking for is a UTM IDS/IPS device not a router. pfsense is a router.