Solved

Sourcefire IPS (Firepower deploying mode)

Posted on 2013-11-18
Last Modified: 2013-12-04
Hi,

Dear valued supporters, I would like to ask one question regarding the top IPS vendor Sourcefire. If we are deploying the Firepower in promiscuous mode, can we take any actions on the traffic, or what actions can we take on this kind of traffic?

Please reply ASAP as we need to support one customer.
Question by:syedaassiiiff27

Accepted Solution

by:
btan earned 500 total points
ID: 39658117
I see mainly two modes, e.g.
a) Passive - where the 3D Sensor is configured to only monitor traffic and not block. In a VM environment, e.g., a port on the virtual switch is configured in promiscuous mode so that all traffic between VMs and to the physical NIC is mirrored on the promiscuous port to the sensor. It is best to use separate virtual switches and physical NICs for a sensor’s monitoring and management interfaces.

b) Passive in a Cluster - Mostly in HA and load balancing situations. In a virtual environment, users can passively deploy the Virtual 3D Sensor in two possible configurations: deploy one sensor per ESX host, or one sensor to monitor all the hosts in the cluster. Understand there is another configuration that requires the Cisco Nexus 1000V switch and a Nexus feature called Encapsulated Remote SPAN, or ERSPAN. ERSPAN is very similar to Cisco’s RSPAN feature, where SPAN traffic from a switch can be directed to the destination port on another switch.

Hence, if all of the hosts are using Cisco Nexus 1000V switches, most of the Nexus switches can be configured to send their SPAN traffic to a single Virtual 3D Sensor. The sensor’s local switch can use traditional SPAN to send traffic to the sensor.

c) Inline - This blocks traffic. The sensor bridges the traffic between the switches and blocks any traffic matching specific IPS “drop” rules.

E.g., from the community forum, where you can find more info or post:
https://community.sourcefire.com/questions/setting-a-policy-or-configuration-value-to-allow-all-ips-traffic-to-pass-through
https://community.sourcefire.com/questions/configuring-virtual-sensor-inline
https://community.sourcefire.com/questions/inspecting-virtual-traffic-from-multiple-vlans

I’d suggest you contact your SE and he/she can help you out there.

Question has a verified solution.
