[Snort-openappid] Using Snort on pfsense
cjuillerat at ztlsd.org
Fri Apr 20 14:03:01 EDT 2018
No, I am not doing SSL Decryption. Even if I am not doing decryption, I
should still be able to see websites that users on our network are
visiting. For instance, on other firewall manufacturers devices, it might
show up as Facebook.base or Netflix.base
Cory Juillerat, M.S.
Director of Technology
*Email:* cjuillerat at ztlsd.org
On Fri, Apr 20, 2018 at 1:52 PM, Frederic Lubrano <
frederic.lubrano at gmail.com> wrote:
> Hi Cory, you use on pfsense squid in no transparent mode?
> best regards,
> Le ven. 20 avr. 2018 19:31, Cory Juillerat <cjuillerat at ztlsd.org> a
> écrit :
>> Good afternoon,
>> I decided to recently try Snort mainly for the App ID capability.. I work
>> at a school so students are always using social networking apps and
>> streaming media apps. I created the WAN interface and started the Snort
>> process on this interface. I am using the predefined balanced IPS policy
>> and I also placed a check in all of the check boxes underneath Snort
>> OPENAPPI Rules and Ruleset: ET Open Rules.
>> Now onto the issue I am having.. When I go to the alerts tab, most of
>> what I see is Chrome and http traffic underneath description. There are no
>> social networking or streaming services populating, even though I know
>> people are using them. Does the free subscription just not have the most up
>> to date App ID's, so nothing is coming up?
>> Thank you,
>> Cory Juillerat, M.S.
>> Director of Technology
>> *Phone: *740.772.7667
>> *Email:* cjuillerat at ztlsd.org
>> Snort-openappid mailing list
>> Snort-openappid at lists.snort.org
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-openappid