topic Re: IDSM placement and redundancy question in Network Security

IDSM placement and redundancy question

d-fillmore — Sun, 10 Mar 2019 11:09:37 GMT

Hi, Does the IDSM-2 support any sort of redundancy protocol?

I can't see anything in the config guide.

If I wanted to place a redundant pair on the outside of a pair of firewalls, how would I manage the redundancy of them.

My other question is, is it better to place the IDSM on the outside of external facing firewalls or on the inside?

Many Thanks, Dom

Re: IDSM placement and redundancy question

Farrukh Haroon — Sun, 22 Jun 2008 14:35:58 GMT

The IDSM-2 supportes redundancy through the etherchannel protocol. I can send you a sample config if you want.

IPS systems are generally placed behind firewalls because they have more throughput challenges than firewalls and by virtue of being behind the firewall they have to filter/scan less traffic.

Regards

Farrukh

Re: IDSM placement and redundancy question

d-fillmore — Tue, 24 Jun 2008 09:46:16 GMT

Yeah that'd be great if you could.

Many Thanks in advance

Dom

Re: IDSM placement and redundancy question

Farrukh Haroon — Tue, 24 Jun 2008 10:37:40 GMT

These are two IDSM-2s connected to slot four and give of the same chassis. We are running FWSM >> MSFC OUTSIDE setup. All InterVLAN traffic is evaluated first by the IDSM than by the FWSM. Users default gateway is the FWSM.

Here you go:

intrusion-detection module 4 management-port access-vlan 100

intrusion-detection module 5 management-port access-vlan 100

intrusion-detection module 4 data-port 1 channel-group 5

intrusion-detection module 4 data-port 2 channel-group 6

intrusion-detection module 5 data-port 1 channel-group 5

intrusion-detection module 5 data-port 2 channel-group 6

intrusion-detection port-channel 5 trunk allowed-vlan 200-204,208

intrusion-detection port-channel 5 trunk allowed-vlan 708

intrusion-detection port-channel 5 autostate include

intrusion-detection port-channel 5 portfast enable

intrusion-detection port-channel 6 trunk allowed-vlan 260,280,400,401

intrusion-detection port-channel 6 trunk allowed-vlan 111-114

intrusion-detection port-channel 6 autostate include

intrusion-detection port-channel 6 portfast enable

Regards

Farrukh

Re: IDSM placement and redundancy question

d-fillmore — Tue, 24 Jun 2008 15:15:03 GMT

Thanks for your response Farrukh, I don't think I was clear enough in my original post. I meant chassis to chassis redundancy.

My client insists on putting the IDSMs on the outside of the firewall, in front of a pair of FWSMs (in seperate chassis).

Maybe there isn't a need for a HA relationship between the IDSMs as the active FWSM will ensure that the traffic flows through one of the IDSMs and no the other?

Cheers, Dom

Re: IDSM placement and redundancy question

Farrukh Haroon — Wed, 25 Jun 2008 19:22:53 GMT

Please see the attached file for some design guidelines.

Regards

Farrukh

Re: IDSM placement and redundancy question

d-fillmore — Thu, 26 Jun 2008 13:00:55 GMT

Many thanks Farrukh, That's very useful 🙂