How do you set up the mirror interface in pfsense?
Nice videos! I enjoy watching and learning a lot from you :) Hopefully I will get time to test this in my own network as well :) Keep up the good work!
Thanks
Can you please tell me how to make the mirror network and the configuration of the SPAN port?
I'm also looking for this instruction
@@mariaj9925 Did you guys ever end up figuring that out? I am wondering the same thing right now
@@mariaj9925 here a few years later same question :) HAHA
Hey, this is awesome. I am following everything. I have a quick question: how did you connect your mirroring? I know you said it but am confused how you connected the mirror. Thank you.
Hey, nice job. I have a short question. Can you explain here what I should put on the pfsense 3 interfaces? One is on NAT or something for WAN, second is on LAN (created custom) and the last one is on MIRROR (custom created also)?
Thanks for this! It's really helpful.
May I ask on that setup: do you also configure firewall rules on the pfsense? Or can we do it on the Security Onion using IDS/IPS?
Thank you!
All the best!
Yes, you can configure firewall rules on pfsense. As long as you leave your WAN interface on the defaults, you will be fine.
Thank you. Hoping for pfsense tutorial as well
Security Onion host: does the NIC connected to the Mirror/SPAN network have an IP address?
Thank you for the video.
But let me give you my opinion.
You did a very long video to explain one single concept,
but in fact even that single concept was not clearly stated in the video.
Now from what I saw, it seems that if I created a new interface on pfsense without setting an IP for that interface, it will act as a mirroring port. Was that correct?
If so, you should say that clearly in the video to avoid confusing the audience. If what I assumed is not right, then you did not explain what should be done on pfsense.
Thank you again, those comments are just to improve the way you deliver a tutorial.
I appreciate your feedback. Seriously, I want to hear more of this. This was a long time ago and I have worked very hard to get straight to the point and make videos short. I will keep improving but please do let me know if you see this in any of my recent videos.
Can you explain how to do the mirroring?
patrick silwimba I do explain that in the video. Do you have a particular port setting that I did not address?
@@ITSecurityLabs Hi, did you have to create another interface called OPT2 Bridge 0 (LAN Mirror) that bridges between LAN and the Mirror interface as shown in 5:02?
@@ITSecurityLabs Hi, it was a very well done presentation with great precision for the most part, but for those of us running VirtualBox what would be the equivalent of a mirror interface? There is no option for mirror when selecting a network interface in VirtualBox.
Sorry to see that those most important tasks in pfsense configurations are missing.....
How can I enable promiscuous mode in Host-only mode in VMware Workstation Pro 15 to set up my sniffing interface in Security Onion?
What would be the minimum rig to run this stuff using these virtuals?
You need a decent amount of RAM, say 32. Security Onion can be a resource hog, so a decent amount of CPU is desirable, then storage depends on the amount of data that you are ingesting. For me, I have two environments: one is an actual server cluster with 3 Dell PowerEdge 720s, running VMware, K8 and OpenStack. That's overkill for most people, but each host has 48GB of RAM. Then I have my desktop, which is the minimum for me, with 24GB of RAM, a decent processor and 1TB SSD. You can get by with less, but I suggest at least 16GB of RAM, and a dual core processor will suffice.
@@ITSecurityLabs woooow! That's some serious rig over there!.. I won't get away without spending a grand or more to have that... Can you recommend other (lightweight N/HIDS) that would be good all in one on a desktop platform? Sorry for being unreasonable
still practicing here.. had my unit hacked so many times.. and I need to address it quick, can you recommend an approach for my case?
@@Hester741 I think 16GB of RAM, a dual core processor and 500GB HD will do.
@@ITSecurityLabs thanks mate!
I.T Security Labs, will a Ryzen 3600 with 32 GB RAM and 2 NVMe SSDs be able to run this + a domain controller and one or two vulnerable servers? How about Zeek, RITA etc?