Solved

INLINE CISCO IPS

Posted on 2013-01-23
1
473 Views
Last Modified: 2013-11-29
Hi,

I have CISCO VSS with many vlans. I would like to implement Cisco  FW and Cisco IPS  so all the traffic can pass through these devices.Any ideas how to design this setup or any related docs ?

Thanks
0
Comment
Question by:1w3
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
Leeeee earned 500 total points
ID: 38810785
There's a few options you can look at, if you want all internet bound traffic to pass through the IPS/FW, simply place a default route on the core pointing to the firewall that connects to the internet edge router. All traffic will be subject to inspection.

Inline placement is also a consideration. The below is a guide focused more on standalone IPS, but you could make it work with the IPS module in the firewall:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0900aecd806e724b.html

http://www.caysec.com/2010/09/intrusion-prevention-best-practice-ips.html
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question