pfSense ntopng monitoring

fred974 · June 18, 2020, 11:44am

Hi all,

I have a custom pfSense with Intel® Xeon® CPU E3-1230 V2 @ 3.30GHz 8GB RAM at the top of my xcp-NG network in an enterprise environment.

So far, pfSense is very vanilla and only used for NAT, and firewall rules.

I was planing to extend the feature with pfBlockerNG and Suricata for IDS and cleaner traffic. But i also need to see what is going on in terms of traffic so I was thinking of installing ntopng.

This is a server only environment, we have no windows or Linux user.
We run web, mail, database, elasticsearch mainly.

Can anyone please advise if you recommend installing this package? Do I have enough resources to run it all?

Thank you

brwainer · June 18, 2020, 12:44pm

Ntopng will use almost nothing in terms of CPU and RAM compared to Snort or Suricata.

fred974 · June 18, 2020, 2:27pm

Do I need Suricata and pfBlockerNG in a server environment or is this mainly for office/home use?

LTS_Tom · June 18, 2020, 2:47pm

pfBlockerNG offers DNS sinkholing of domains and GeoIP filtering. If you are running servers blocking via GeoIP or poor reputation might be helpful.

fred974 · June 18, 2020, 2:49pm

thank you @LTS_Tom . I have a lot of webserver so you right… I need pfBlockerNG