pfsense With Suricata Intrusion Detection System: How & When it works and What It Misses

Some enterprise firewall solutions are already supporting TLS 1.3 MITM inspection with similar Proxy methods. Works great when protecting servers and workstations that you own and manage. But in general my stance is edge is important to protect but it isn't enough!

After installing Suricata and setting up some basic screening, I am amazed by the number of attempts to compromise my system. Between SIPvicious, bad reputation countries, and MSQL attempts, I have blocked 138 IP addresses in the first 24 hours. Thanks for the video.

Thanks for another great video. You’ve covered most of this before and it’s unfortunate there no easier answers these days. You’ve covered DNS blocking which fortunately still works even with https, SSL, etc.

You need to write a book on computer/network security.****

A "little" worrying tbh, but great to have the information. Thank you.

Put it between nginx and server with nginx providing ssl

Deep packet inspection has been part and parcel of IPS systems for quite a few years now. Not sure if you have deployed IPS with SSL decryption and rencryption baked in, but it is pretty much standard in large enterprises.

how about decrypt https on proxy? I tested to configure HAproxy ssl offload on frontend, which forward traffic to http backend. Traffic between frontend and backend would was in vpn tunnel. Surricata was inspecting vpn interface on pfsense. Is it bad idea? It was working suricata could inpect traffic, but i am not sure from security perspective if it is save to send http traffic in vpn tunel between pfsense and web backned in internal network.

Does suricata not have the ability to provide a certificate to install on your endpoints so it is part of the trust chain and can decrypt the TLS traffic? I

I recently tried to switch my main pfSense fw at home over to OpnSense for the ease of use and updated UI, but Suricata is preventing me as it has an absolutely terrible implementation on Opsense with no sensible way to be managed (as compared with pfSense with Snort) without manually going over the thousands of rules one by one. I'm not really complaining though, my pfSense setup is running rock solid.
Im commenting before watching the video (sorry)

Wow.. you look slimmer. than the previous video.
Good Video Content tho.

So what can I do to secure my whole network if I already have pfsense deployed? I'm using suricata, pfblockerng and i'm routing everything over a vpn already.

Can I use pfsense to middle box my entire network so IDS stands a better chance?

Great informative video!

Shouldn't your website redirect any http traffic to https? My company website is setup like that! So you shouldn't be able to get back http request right?

It's funny how full circle the OPSEC has come. We started off with almost no tools 30 years ago and instead did end-user training. Then the tools came and everyone was like "Yay, rules and regex's" Now it's like "Naw, go to jail collect $200" start at 0, Be kind Rewind 3 decades.

Great video, so we can say, the IDS and IPS are pointless,

Like the video. But more Tesla videos

Switched from pfSense to Untangle last week, it's much better , for $50 annually

nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use) can u help me fix this?

Great content as always.
Oh, and wow I got here first! :-)