[Snort-users] Home_net/External Net question
adidas30 at ...131...
Wed Sep 8 13:36:20 EDT 2004
I have 2 firewalls, each monitoring 3 subnets.
Subnets a, b, and c and VPN pool1 are going out/coming
in through firewall one.
Subnets d, e, and f and VPN pool2 are going out/coming
in through firewall two.
On my sensor inside of Firewall 1 HOME_NET is
On my sensor inside of Firewall 2 HOME_NET is
EXTERNAL_NET on both are !$HOME_NET
I often get ICMP and other rules that trigger going
from either [a,b,c, vpnpool1] to [d,e,f,vpnpool2] even
though they are both really my "home" network.
Here comes my question. Should I keep everything the
way it is, OR should I:
a) keep the home_nets the same but make a new variable
called entire_home_net and include all 6 subnets and
both vpn pools and negate THAT for the external_net
b) add subnets a-f and both vpn pools to the home_net
var on each sensor (I don't think so)
c) a third suggestion
REPLY TO: adidas3 at ...549...
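
The three layouts in the question, modelled as an added example that is not part of the original post: it evaluates only the address part of a `$EXTERNAL_NET any -> $HOME_NET any` rule header on one sensor. The subnet ranges are constructed placeholders (the post does not give the real ones), and the function names and the layout labels "current", "a" and "b" are assumptions made for this sketch.

```python
import ipaddress

# Constructed placeholder ranges; the post does not list the real subnets.
SITE1 = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24", "10.1.250.0/24"]  # a, b, c, VPN pool1
SITE2 = ["10.2.1.0/24", "10.2.2.0/24", "10.2.3.0/24", "10.2.250.0/24"]  # d, e, f, VPN pool2

def nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def in_any(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in networks)

def sensor_vars(local, remote, layout):
    """Return (home_net, negated_for_external) for one sensor.

    EXTERNAL_NET is modelled as "anything not in negated_for_external".
    """
    if layout == "current":  # EXTERNAL_NET = !$HOME_NET, HOME_NET = local subnets
        return nets(local), nets(local)
    if layout == "a":        # HOME_NET unchanged, EXTERNAL_NET = !$ENTIRE_HOME_NET
        return nets(local), nets(local + remote)
    if layout == "b":        # HOME_NET lists every subnet on both sensors
        return nets(local + remote), nets(local + remote)
    raise ValueError(f"unknown layout: {layout}")

def matches_inbound_rule(src, dst, local, remote, layout):
    """Address match for a '$EXTERNAL_NET any -> $HOME_NET any' rule header."""
    home, negated = sensor_vars(local, remote, layout)
    return (not in_any(src, negated)) and in_any(dst, home)

if __name__ == "__main__":
    # Evaluated on the sensor behind firewall two (local = SITE2).
    packets = [
        ("subnet a -> subnet d", "10.1.1.5", "10.2.1.9"),
        ("internet -> subnet d", "203.0.113.7", "10.2.1.9"),
        ("internet -> subnet a", "203.0.113.7", "10.1.1.5"),
    ]
    for label, src, dst in packets:
        row = {l: matches_inbound_rule(src, dst, SITE2, SITE1, l)
               for l in ("current", "a", "b")}
        print(f"{label:22} {row}")
```
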