Looking for IDS/IPS configuration experience

Hello again CF,

I am looking to expand my knowledge and experience with IDS/IPS firewalls to bolster my resume as well as learn something in the process. I may be looking to buy something on newegg in the future to configure and experiment with. Any recommendations?

I'd make sure it was some of the newer firePOWER line if you're going Cisco like the 5506-X. You can pick up an older 5510 ASA or something with the legacy IPS but they're pretty much all end of life and support. Otherwise the lab device is a little spendy.

I believe some other vendors like Checkpoint allow you to install the IPS module on Gaia (Which you can place on a VM) for a 30 day trial or similar.

Sophos Firewall and a dual NIC ITX computer?

There's also Untangle.

You can also throw up some variety of Snort (such as on pfSense), there's a bunch of options but a lot of them do pretty much the same thing. Once you can generate syslog events out of the sensor you can also tie it into a SIEM type of tool for correlation rules and event scoring.

OP, is there a specific platform you had in mind?