Snort inspection configuration overview
The configuration of Snort inspection consists of these general steps.
- Prepare Snort configuration files.
- Import Snort configuration files globally to configure default settings for Snort inspection for all Secure SD-WAN Engines.
- (Optional) Import Snort configuration files for individual Secure SD-WAN Engines to override settings in the global Snort configuration for specific
Secure SD-WAN Engines.
Settings in the Snort configuration .zip file for an individual Secure SD-WAN Engine are combined with the settings in the global Snort configuration .zip file. If any configuration files in a Snort configuration .zip file for an individual Secure SD-WAN Engine have the same files name and paths as configuration files in the global Snort configuration .zip file, the overlapping files in the global Snort configuration .zip file are ignored.
- Enable Snort inspection for Secure SD-WAN Engines.
- Create Access rules to select traffic for Snort inspection.