[Snort-users] Snort Placement

Paul Ryan pryan at ...12374...
Sat Oct 9 12:53:53 EDT 2004


I was hoping to get input on the best placement of my snort box.

This box is to be used to track traffic to the Internet from my corporate
LAN. The traffic traverses a PIX before hitting the Internet, subsequently
all outside destined traffic is NAT'd to one public IP.

If I place it on the outside of the firewall - all source IPs are the NAT,
which is useless in tracking offenders on my LAN.
Placing it before the PIX - brings up some challenges ...

The PIX has an Inside, DMZ and Outside interface.

What do you think?

Regards,

paul





