Snort install on AIS Managed Firewall

  1. System > Package Manager, Click on “Available Packages” and search for Snort > install > confirm. NOTE: It might take some time to build/install everything it pulls in.

  2. Got to Services > Snort and click “Add” and add the WAN interface.

    • Check that Interface is enabled.
    • Check “Snort will send Alerts to the firewall’s system log”.
    • Check “Checksum Check Disable”. This is not checked by default. TCP already does this.
    • Leave everything else alone and go to the bottom of the page and select “Save”.
  3. Go to Services > Snort and click “Global Settings”.

    • Check “Enable Snort VRT”. This requires an Oinkmaster code. One is free but is 30 days behind, the other is $30/yr.
    • Enable SnortGPLv2.
    • Enable the free Emerging Threat Open rules.
    • Enable the OpenAppID and the OpenAppID RULES.
    • Change the update Interval to 6 hours.
    • Scroll to the bottom and select “Save”.
  4. Go to Services > Snort and click “Updates”.

    • Scroll down and click “Force Updates”.
  5. Go to Services > Snort, Click on the pencil icon of each interface listed.

    • There are two rows of options, choose the bottom row, WAN Categories (WAN is whatever the interface was named).
    • This page has all kinds of rules you can turn on. Click “Use IPS Policy”.
    • Start with setting it to Balance Connection/Security, click “Save”.