https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753943#M44593 <P>Hi!&nbsp;I'm having some problems with understanding the design of&nbsp;virtual IPS/IDS.<BR />I know how to do it with hardware IPS/IDS, when you have one physical interfaces specified to handle traffic and another physical interface to to send inspected traffic back to Core.</P><P>My question is how do people do it with virtual firewall? I mean how it is possible to configure a server running on VMWare to receive SPAN session (in IDS case) or something like that.</P><P>I hope I can clarify my concern.</P> Sun, 10 Mar 2019 13:27:20 GMT David Kleberson 2019-03-10T13:27:20Z https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753943#M44593 <P>Hi!&nbsp;I'm having some problems with understanding the design of&nbsp;virtual IPS/IDS.<BR />I know how to do it with hardware IPS/IDS, when you have one physical interfaces specified to handle traffic and another physical interface to to send inspected traffic back to Core.</P><P>My question is how do people do it with virtual firewall? I mean how it is possible to configure a server running on VMWare to receive SPAN session (in IDS case) or something like that.</P><P>I hope I can clarify my concern.</P> Sun, 10 Mar 2019 13:27:20 GMT https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753943#M44593 David Kleberson 2019-03-10T13:27:20Z https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753944#M44594 <P>You can actually do both. If you just want to monitor (IDS) then you will have to dedicate a physical port on your VM server and span traffic to it. For more info on that check this link:</P><P><A href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;cmd=displayKC&amp;externalId=1004099">http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&amp;cmd=displayKC&amp;externalId=1004099</A></P><P>If you want to place the virtual appliance inline, then you will have to dedicate two physical ports from your VM server. One of those ports will be used for the&nbsp;<STRONG>outside zone&nbsp;</STRONG>and the other for your&nbsp;<STRONG>inside zone.</STRONG>&nbsp;</P><P>I hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Wed, 16 Sep 2015 19:32:39 GMT https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753944#M44594 nspasov 2015-09-16T19:32:39Z https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753945#M44595 <P>Neno, thank you for your reply. Does it mean that I have to sacrifice 1 or 2 physical ports of a host that is running VMware or HyperV?</P> Mon, 21 Sep 2015 17:38:56 GMT https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753945#M44595 David Kleberson 2015-09-21T17:38:56Z https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753946#M44596 <P>Yes, otherwise you can't really put it truly inline if other hosts/vlans are about to traverse around it <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 22 Sep 2015 00:33:38 GMT https://community.cisco.com/t5/network-security/virtual-ips-ids-design-question/m-p/2753946#M44596 nspasov 2015-09-22T00:33:38Z