Hello, Is it expected for snort enabled on pfsense to slowdown your internet? Webpages loading slowly and often having issues with dns failing? Thank you.
It is entirely possible. What hardware are you running pfsense on?
1 Like
Protectli vault FW4C. In LAN_R Categories i have since unselected the preset : select all" and have no boxes checked other than the Snort and Feodo Ruleset at top of page. I am brand new to this and everything thing I learn is new to me. I wanted a very secure network because I believe that some wifi deauth was going on because my internet usage skyrocketed and I would often have wifi disconnecting and I would get a message that a new device connected to my Asus router. I would check the mac address and the message would say that this device doesn’t exist.
I then happened upon protectli while researching etc… I have now turned off my 2.4 wifi because it doesn’t have wpa3 with protected frames like . 5ghz bands and I have some devices that can’t use it. Since setting router to an access point and setting rules to only accept connections from mac addresses that I put in, I haven’t seen my wifi disconnect and no notifications about new devices connecting.
IDS/IPS is not overly effective against modern threats.
1 Like
Thank you sir! I appreciate the video… 
p.s. So, in Snort, I have it set to " automatically block hosts that generate a Snort alert ". Does that mean that it’s already been through and it will only block it the next time? Also, should I simply remove snort from my Protectli vault with pFsense if it doesn’t truly help? ** Thank You…
I don’t think snort will be worth your time. It might catch old school attacks, but still might not be worth running. It can’t even inspect 99% of your traffic because it is encrypted. Unless you want to setup a proxy and certificates on all your devices so you can inspect HTTPS traffic.
2 Likes
I’ll take your advice along with others because this is all new to me and I don’t want to cause more harm than good. Making mistakes and missteps are part of the learning experiences though.
Thanks again for the information.