Override settings in the global Snort configuration for individual Secure SD-WAN Engines

You can optionally import a Snort configuration .zip file for an individual Secure SD-WAN Engine to override settings in the global Snort configuration for that engine.

All Secure SD-WAN Engines for which Snort inspection is enabled use the global Snort configuration by default. If you do not want to override settings in the global Snort configuration, it is not necessary to import a Snort configuration file for an individual Secure SD-WAN Engine.

Settings in the Snort configuration .zip file for an individual Secure SD-WAN Engine are combined with the settings in the global Snort configuration .zip file. If any configuration files in a Snort configuration .zip file for an individual Secure SD-WAN Engine have the same file names and paths as configuration files in the global Snort configuration .zip file, the overlapping files in the global Snort configuration .zip file are ignored.
Note: Secure SD-WAN Engines do not receive automatic updates for Snort rule sets. When new Snort rule sets are available, you must import new Snort configuration files and refresh the policy on the Secure SD-WAN Engine to start using the new Snort rule sets.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click a Secure SD-WAN Engine, then select Edit <element type>.
  2. Browse to Add-Ons > Snort.
  3. Click Browse next to the Snort Configuration field, then select the Snort configuration file.
  4. Click Save and Refresh.

Next steps

Create Access rules to select traffic for Snort inspection.

Engine Editor > Add-Ons > Snort

Use this branch to override settings in the global Snort configuration for specific Secure SD-WAN Engines.

Note: These settings are not supported for Master Engines or Virtual Engines.

Option: Enable
Definition: When selected, enables Snort inspection for the Secure SD-WAN Engine.
Note: To apply Snort inspection to traffic, you must also create Access rules to select traffic for Snort inspection.

Option: Snort Configuration (Optional)
Definition: The externally created Snort configuration .zip file that contains the Snort configuration files and rules for Snort inspection.
  • Click Browse to select a file.
  • Click None to remove a previously imported file.
  • Click Export to export the Snort configuration file.

All Secure SD-WAN Engines for which Snort inspection is enabled use the global Snort configuration by default. If you do not want to override settings in the global Snort configuration, it is not necessary to import a Snort configuration file for an individual Secure SD-WAN Engine.

Settings in the Snort configuration .zip file for an individual Secure SD-WAN Engine are combined with the settings in the global Snort configuration .zip file. If any configuration files in a Snort configuration .zip file for an individual Secure SD-WAN Engine have the same file names and paths as configuration files in the global Snort configuration .zip file, the overlapping files in the global Snort configuration .zip file are ignored.
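
The following pre-import check is an added example, not part of the original documentation or the product. It models the merge rule described above and lists which files in the global Snort configuration .zip would be ignored for an engine, so that a rules file is not shadowed by accident. It assumes that paths are compared as exact archive member names; the function names, sample archives, and file names are constructed for illustration.

```python
import io
import zipfile


def member_files(zip_bytes):
    """Return {archive path: content bytes} for every regular file in the .zip."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: zf.read(i) for i in zf.infolist() if not i.is_dir()}


def effective_config(global_zip, engine_zip):
    """Model the merge rule: an engine file replaces the global file at the same path.

    Returns (effective, ignored, changed):
      effective: {path: "engine" | "global"}, the source of each file in use
      ignored:   global paths shadowed by an engine file with the same path
      changed:   the subset of ignored paths whose content actually differs
    Assumption: paths match only when the archive member names are identical.
    """
    g, e = member_files(global_zip), member_files(engine_zip)
    ignored = sorted(set(g) & set(e))
    changed = [p for p in ignored if g[p] != e[p]]
    effective = {p: "global" for p in g}
    effective.update({p: "engine" for p in e})
    return effective, ignored, changed


def build_zip(files):
    """Build an in-memory .zip from {path: text} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, text in files.items():
            zf.writestr(path, text)
    return buf.getvalue()


# Constructed sample archives; names and contents are illustrative only.
GLOBAL_ZIP = build_zip({
    "snort.lua": "-- global main configuration\n",
    "rules/local.rules": 'alert icmp any any -> any any (msg:"global"; sid:1000001;)\n',
    "rules/community.rules": "# global community rules\n",
})
ENGINE_ZIP = build_zip({
    "rules/local.rules": 'alert icmp any any -> any any (msg:"engine"; sid:1000002;)\n',
    "rules/branch.rules": "# engine-only rules\n",
})

if __name__ == "__main__":
    effective, ignored, changed = effective_config(GLOBAL_ZIP, ENGINE_ZIP)
    for path in sorted(effective):
        print(f"{effective[path]:>6}  {path}")
    print("global files ignored on this engine:", ignored)
```

Review the ignored list before you click Save and Refresh: every path in it is a global file that this engine no longer uses.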