Snort mailing list archives

Handling firewall rejected packets in Snort IPS


From: VES Education <veseducation () yahoo com>
Date: Fri, 17 May 2013 14:54:09 +0800 (SGT)

Hi,

This is a very basic question on Snort IPS. Over the last few days, I couldn't find an answer on the net. Our intention
is to find the packet flow in our application.

We would like to use Snort IPS (currently we use Snort IDS). If we go for inline mode, would all incoming packets
be placed in the NF queue by the firewall? Suppose a packet is rejected at the firewall layer: how will Snort IPS come
to know of it?

As per my current understanding, if a packet is rejected in the firewall, it will not go to Snort IPS. Hence the IDS
feature is missing in Snort IPS mode.

That means we need to use both Snort IDS mode and inline mode. Is it possible to run two instances of Snort in
different modes on the same machine?

In the project review, there were questions on Snort IPS mode vs. firewall packet flow regarding performance/IDS
features in IPS mode. Can you please share some inputs/references on packet flow, especially if the packet itself is
rejected in the firewall?

In the Snort user manual I was not able to find a solution for the given context.

Thanks,
B.Vijayakumar Athithan
