I currently have pfSense installed on my HP Gen10 MicroServer. I’m thinking of moving it to XCP-ng. I want to make a distributed firewall: one pfSense in front that does L3 filtering, then other pfSense instances that have Snort, Suricata and pfBlockerNG on them to do L7 filtering. My question is:
How can I connect those pfSense instances? Is it possible?
P.S. I also want to install Kibana or Zabbix for monitoring.
You can virtualize pfSense in XCP-ng, but I am not clear on how you want to connect them. The definition of a distributed firewall is here https://en.wikipedia.org/wiki/Distributed_firewall but I don’t understand your goal.
I want to filter incoming traffic with the first pfSense. For example, if I have a request from outside the network on port 22 (SSH) and it is from China, for example, it gets rejected. If I have incoming traffic on port 443, it’s forwarded to the second firewall (pfSense + Snort, for example) and it is filtered there. And so on.
I am thinking about this concept. I want to make the first filter on IP, then if it is OK it gets forwarded to the next firewall, which decides if it is OK or not.
I’m also not clear how I can connect those pfSense instances (VLAN? virtual NIC?)
I am not clear on the use case for doing this, but you can simply double NAT: put one pfSense in front of the other.
I want to improve my network security with cheap parts. I am thinking of making a primary pfSense, then secondary pfSense1 + Suricata, pfSense2 + pfBlockerNG, pfSense3 + Snort; then use Kibana for monitoring everything.
I am thinking of using this solution in a school with an average of 1500 kids.
Thanks for the advice.
You can do all of this in one pfSense. Each function on a separate one just makes it harder and more complicated.
You might want to take a look at Security Onion.