Re: Question

["Al Lewis \(allewi\) via Snort-sigs" <snort-sigs () lists snort org>]

Hello,

This looks like a question for the PFSense group.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
Cisco Systems Inc.
Email: allewi () cisco com<mailto:allewi () cisco com>



From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Anthony Poretto via Snort-sigs <snort-sigs () 
lists snort org>
Reply-To: Anthony Poretto <porettoa () hamiltonschools org>
Date: Wednesday, August 25, 2021 at 8:09 AM
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] Question

Hello, I’m not sure this is the right place to ask my question. If this is not the correct place, I apologize! Can you 
please point me to the correct group?

I have SNORT running on pfSense 2.5.2 . I have an on-prem server that use ports 80/443 for the outside world to access. 
When users from the outside to access the site, it shows as unavailable. If I clear the BLOCKED HOST, it will work for 
a few seconds and fail. I created an aliases  and added the NAT address, the internal IP and domain name for it and it 
still seems to get caught by a rule. I have other on-prem servers that work fine for the outside and don’t get caught 
by SNORT. This is on the WAN interface. How can I fix or determine what rule is causing the block? Thanks!

Regards,

Anthony J. Poretto,
Technology Coordinator
Hamilton Township Public Schools
Mays Landing, NJ 08330
porettoa () hamiltonschools org<mailto:porettoa () hamiltonschools org>
Phone: (609) 476-6281
Cell: (609) 517-1960


The information transmitted via this e-mail is intended only for the person or entity to which it is addressed and may 
contain confidential and/or privileged material. Any review, re-transmission, dissemination or other use of, or 
pursuing of any action in reliance upon this information by persons or entities other than the intended recipient is 
prohibited. If you are the recipient of this in error, please contact the sender and delete the material from any 
computer.





The information transmitted via this e-mail is intended only for the

person or entity to which it is addressed and may contain confidential

and/or privileged material. Any review, re-transmission, dissemination or

other use of, or pursuing of any action in reliance upon this information

by persons or entities other than the intended recipient is prohibited. If

you are the recipient of this in error, please contact the sender and

delete the material from any computer.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!