I have changed my network setup from the default ISP device to an Ubiquiti EdgeRouter (ER-X-SFP) a while ago. Currently I’m planing to switch to an static IPv4 address. From the ISP I would also get an IPv6 Prefix.
Besides the build in firewall I would also like to use an IDS/IPS system in order to better protect my network. In general I’m really new in IDS/IDS systems an I tried to find a solution in order to use the EdgeRouter instead of buying an additional device.
I can’t find much information about this topic besides that this would not work caused by the limited DRAM of the EdgeRouter (in regard to Suricata).
I found two IDS/IPS systems which are, from my point of view, could be interesting for this use case: Suricata and Snort. Both are available as mipsel packages from Debian (EdgeMax the OS of the Edge series is based on Debian stretch afaik). To come to my question(s):
- Could be the limited DRAM (256 MB)?
- Could be the limited flash storage a problem (256 MB) or is the an external logging possibility instead of using the local drive?
- Would it be an good idea to use an EdgeRouter instead of an dedicated device?
- If somebody has practical experience I would be happy to hear about them
Thanks in advance
