Date: Sun, 19 Nov 2023 22:00:37 +0000
To: "freebsd-chat@FreeBSD.org"
From: Turritopsis Dohrnii Teo En Ming
Cc: "ceo@teo-en-ming-corp.com"
Subject: I have confirmed that the latest Sophos Firewall SFOS version 20.0.0 GA-Build222 is using open source Snort as its Intrusion Prevention System (IPS)
List-Id: Non technical items related to the community
List-Archive: https://lists.freebsd.org/archives/freebsd-chat

Good day from Singapore,

I have started installing Sophos Firewall SFOS version 20.0.0 GA-Build222 on my Intel Celeron J3160 (4 GB DDR3L RAM + 64 GB SSD) on 16 Nov 2023 Thursday at 11.00 PM. Initially I had wanted to install Sophos Firewall on my newest Intel Celeron J4125 (8 GB DDR4 + 64 GB SSD) but the Linux Kernel version 4.14.302 wasn't able to detect Intel Ethernet Controller I225-V 2.5 GbE network interface cards.
To work around the problem, I had to install pfSense firewall version 2.7.0 on my Intel Celeron J4125 firewall appliance and then install Sophos Firewall on my Intel Celeron J3160 firewall appliance. Both pfSense and Sophos Firewall use open source Snort as their Intrusion Prevention System (IPS).

When I was installing Sophos Firewall on my Intel Celeron J3160 firewall appliance, I opened up the terminal and traversed the Linux filesystem. I saw the directory snort inside the /etc/ directory. This confirmed that the latest version of Sophos Firewall is indeed using open source Snort as its Intrusion Prevention System (IPS).

Regarding my Sophos Firewall, I have only performed a Basic Setup/Configuration at the moment. But I have also turned on IPS and ensured that Admin Services (HTTPS and SSH) are restricted to the LAN zone only. Further exploration of the (1) network interfaces and (2) firewall policies/rules inside Sophos Firewall will be done later when I have more time.

It is good to know that major firewall vendors like Sophos and pfSense (Netgate) are using open source Snort as their Intrusion Prevention System (IPS). This goes to show that Snort is a rock solid and top notch IPS which is well supported by the world's networking leader Cisco.

I am still unable to determine if Fortigate firewalls are using Snort as their IPS because Fortinet has extensively modified the Linux operating system for its FortiOS.

I have finished installing Sophos Firewall (Basic Setup and Configuration only) on my Intel Celeron J3160 firewall appliance on 17 Nov 2023 Friday at 1.00 AM. I have managed to sleep at about 2.00 AM and woke up in the morning at about 7.00 AM on 17 Nov 2023 Friday.

I do notice that my Sophos Firewall is a bit slow and lags. Perhaps it is because my Intel Celeron J3160 firewall appliance only has 4 GB of RAM. I will need to increase the amount of memory in the future.

Fortigate, pfSense and Sophos firewalls support SNMP.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems.