Security Onion Deployment Architecture #14118
Replies: 3 comments
-
|
This is a simple question. Anyone please help. Thanks in advance. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
Assuming your OPNSense router is providing the NAT services for your network, you'd want to install the tap on the LAN side of it. Otherwise, all of the traffic you see for your local network will show as being to/from the external IP of the router. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
If put SO at Lan side, we capture less traffic. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.111
Installation Method
Security Onion ISO image
Description
other (please provide detail below)
Installation Type
Standalone
Location
other (please provide detail below)
Hardware Specs
Exceeds minimum requirements
CPU
8cores
RAM
20GB RAM
Storage for /
1TB
Storage for /nsm
1TB
Network Traffic Collection
tap
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
Yes, there are additional clues in /opt/so/log/ (please provide detail below)
Detail
Dear all forumer, I'm pretty new to security onion. I want to deploy SO into my home network.
My current network architecture is Modem -> OPNSense Router(WAN Port) -> Switches(LAN) and Acess Point(OPT1).
My question is where to deploy my SO? WAN port or LAN port?
I'm using Throwing Star Network tap.
At throwing star, I know how to connect J1 and J2 to the target system(WAN port). How to connect J3?
Thanks for your reply.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions