Job,
Yes, I tested snort and it works pretty well though there are some http_inspect rules that trigger false positive events. You may need to add some od these rules to the supress list. Also, it might be better to enable specific snort rules that you need and build the ruleset as time goes by (there are autoconfigured rulesets based on your security posture that you can enable though).
Other features that I tested and worked well included:
Squid web proxy
IPv4 1:1 NAT, NAT Reflection, Outbound NAT, Port forwarding, DHCP Server
IPv6 Routing, SLAAC, DHCPv6
OpenVPN (password, password+certificate, push routes, client assistant, etc)
Snort (ET rules, Snort VRT rules, Snort Community rules, Snort OpenAppID detectors)
NTP
Among others.
Regards,
Kennedy
Kennedy,Did you try out SNORT while you were at it?Regards,
Job Muriuki,
Skype: heviejobOn Thu, May 5, 2016 at 6:54 AM, Alvin Jason Ochieng <ajochola@gmail.com> wrote:Cheers Kennedy !Great insight ....On Wed, May 4, 2016 at 6:01 PM, Kennedy Aseda <samskid5@gmail.com> wrote:Dear Alvin/Job,
Sorry, I have gotten back to you late.
I did a lab setup of pfSense 2.3 released in April and noted that the Mailwatch/Mailscanner packages were removed when pfsense changed from FastCGI to PHP-FPM. There are many other features that have been deprecated since.
It is possible, though not recommended to install custom packages. If you have the courage, you can do a Mailwatch/Mailscanner install from source. FreeBSD packages aren't available in pfsense 2.3 making it a little harder to maintain custom packages.
It might consider standalone mailfilter installation.
Kennedy
On 8 Apr 2016 11:48, "Kennedy Aseda" <samskid5@gmail.com> wrote:Alvin,
Have you set up pfsense and tried out the email scanning feature to ascertain it doesn't work?
http://pfsensesetup.com/mailscanner-installation-and-configuration/
I haven't personally done either pfsense or cyberoam but I am confident it mail scanning should be possible based on anecdotes of pfsense experts I have interacted with.
Kennedy
On 6 Apr 2016 11:40, "Alvin Jason Ochieng via skunkworks" <skunkworks@lists.my.co.ke> wrote:Regards,Job,Unfortunately it's not possible. Seen the diffrence btw the two manufacturers.On Wed, Apr 6, 2016 at 11:12 AM, Job Muriuki via skunkworks <skunkworks@lists.my.co.ke> wrote:On the same topic of pfsense, is there a way to set it up to work like cyberroam to filter out spam and viruses with virus definitions updated on the fly?
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
--
_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
--