[Snort-users] Central Server

Eric J. Taylor ETaylor at ...17679...
Thu Nov 17 00:08:04 EST 2016


Good day,

Hope all is well with everyone. New to sort and the ids/ips world, but looking forward to have more secure network(s).

I hope this is a easy answer to my question today. Been reading through the docs, and I see no mention about having a central server for multiple loctions. The locations are not joined in any fashion, as in seperate companies all together. If I was put a central snort box and connect the firewalls (mostly mikrotik) to the central server, is there any special gotchas or considerartions I need to review? I also don't know how much traffic is really sent over the WAN for analisis either. As a couple of sites use the same subnet schema, I will have to consider some changes at the locations to support IPSec from remote site to central server; if IPSec between locations is recommended.

And please, if I am over looking this part in the documents please point me to it as I don't see it currently.

Thanks in advance for your time and helpfulness as I try to figure this puzzle out.



P.S. Any grammar or humorous statements is courtesy of Android.


Eric Taylor
Owner | Veterinary IT Support Specialist
800-324-9941 x1005
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20161117/0408afd0/attachment.html>


More information about the Snort-users mailing list