Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 597 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG firewall as NIDS

Yoshi Yagi

Let me ask you about NIDS.

Is it possible to use Sophos XG firewall as NIDS?

I'd like to detect security alerts by receiving captured packets that is sent from network equipments through the Ethernet.

Thank you.



This thread was automatically locked due to age.
  • 0

    Probably opnsense with suricata would be a better option

  • 0

    Hi l0rdraiden,

    Thank you so much for your reply.

    Do you mean replacing Sophos firewall with Suricata?

    If possible, I'd like to install Suricata into Sophos firewall.

    Thank you.

  • 0 in reply to Yoshi Yagi

    Suricata isn't a firewall. You can use this in addition to a sophos firewall.
    Sophos includes a IPS/IDS system too. Here you find the snort-engine.
    PS: you can't / shouldn't install something within Sophos Firewall.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Hi Dirk,

    Thank you so much for your reply!!

    Sophos firewall works as NIDS without add other hardware/software because it has Snort engine inside it.

    Is my understanding correct?

    I'd like to detect security alerts by receiving captured packets that is sent from network equipments through the Ethernet.

    Thank you.

  • 0 in reply to Yoshi Yagi

    Only if the packets travel through the XG.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi rfcat_vk,

    Thank you so much for your replyBlush.

    Sophos firewall has Snort engine inside it.

    But, To work Sophos firewall as NIDS, packets have to pass through the firewall.

    Thus, Sophos firewall can't meet my requirement.

    Is it correct?

    My requirement:

    Detecting security alerts by receiving captured packets* that are sent from network equipment through the Ethernet.

      * packets that are sent from network equipment:   Mirrored and sent packet from remote network equipment

    Thank you.

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?