System > Package Manager, Click on “Available Packages” and search for Snort > install > confirm. NOTE: It might take some time to build/install everything it pulls in.
Got to Services > Snort and click “Add” and add the WAN interface.
- Check that Interface is enabled.
- Check “Snort will send Alerts to the firewall’s system log”.
- Check “Checksum Check Disable”. This is not checked by default. TCP already does this.
- Leave everything else alone and go to the bottom of the page and select “Save”.
Go to Services > Snort and click “Global Settings”.
- Check “Enable Snort VRT”. This requires an Oinkmaster code. One is free but is 30 days behind, the other is $30/yr.
- Enable SnortGPLv2.
- Enable the free Emerging Threat Open rules.
- Enable the OpenAppID and the OpenAppID RULES.
- Change the update Interval to 6 hours.
- Scroll to the bottom and select “Save”.
Go to Services > Snort and click “Updates”.
- Scroll down and click “Force Updates”.
Go to Services > Snort, Click on the pencil icon of each interface listed.
- There are two rows of options, choose the bottom row, WAN Categories (WAN is whatever the interface was named).
- This page has all kinds of rules you can turn on. Click “Use IPS Policy”.
- Start with setting it to Balance Connection/Security, click “Save”.