[Snort-users] Use of the var HOME_NET in a DMZ

Byron Pezan byron at ...13322...
Mon Jun 27 15:44:18 EDT 2005


I currently have a DMZ with multiple entry points and snort listening on
the internal interface of all of the entry points.  I also have snort
listening on the internal interface of the choke firewall.  I am
wondering what would be considered to be the best practice in terms of
configuring the HOME_NET variable.  Should each entry point have the DMZ
subnet set as the HOME_NET and the choke firewall have the internal
subnet(s) as the HOME_NET?  Or should the entry points and choke
firewall all have HOME_NET defined as the DMZ subnet and the internal
subnet(s)?

TIA

byron



