Re: dmz monitorin

[Alberto Colosi via Snort-users <snort-users () lists snort org>]

....................... I think u don't know what is snort and intercepting traffic and not only


it depends on what u need to do! usually even only in log mode if not in inline mode is set as a router with IP routing 
and different NIC with different NETs (subnetting).


If not but NOT AS INLINE , only as log of what happen u can use a copy port on ur switch .............


all depends on architecture and needs. Ask a good ITC NetWork & security Architect about ur doubts and needs.


................ is obvious that in routing mode u need to configure nets and routing in ur box.



________________________________
From: Snort-users <snort-users-bounces () lists snort org> on behalf of Cziple Csaba via Snort-users <snort-users () 
lists snort org>
Sent: Saturday, July 22, 2017 3:44 PM
To: snort-users () lists snort org
Subject: [Snort-users] dmz monitorin

Hi,

I m trying to monitor my dmz vlan with a dedicated snort host. My question is should i use a mirrored port ? Or the ids 
works if the host is part of that particular vlan.

Any help would be appretiated.
Csaba

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!