Solved: FTD as IPS Deployment

fatalXerror · ‎08-29-2018

Hi Guys,

I am deploying a new 4100 as an IPS but when I register it in FMC it shows routed mode. Does it affect the IPS if it run in routed mode? I just want my IPS like a bump in a wire so I decided to configure it with inline pairs.

Does it still check for routing even though my interfaces are inline pairs?

Thanks

Mohammed al Baqari · ‎08-29-2018

Here you go.

- When you configure an Inline Pair 2 Physical interfaces are internally
bridged
- Very similar to classic inline Intrusion Prevention System (IPS)
- Available in Routed or Transparent Deployment modes
- Most of the LINA engine features (NAT, Routing etc) are not available
for flows which go through an Inline Pair
- Transit traffic can be dropped
- Few LINA engine checks are applied along with full Snort engine checks

Short answer, inline pair will act as IPS and not routing will be taking
place for packets coming on inline interface.

View solution in original post

Mohammed al Baqari · ‎08-29-2018

Here you go.

- When you configure an Inline Pair 2 Physical interfaces are internally
bridged
- Very similar to classic inline Intrusion Prevention System (IPS)
- Available in Routed or Transparent Deployment modes
- Most of the LINA engine features (NAT, Routing etc) are not available
for flows which go through an Inline Pair
- Transit traffic can be dropped
- Few LINA engine checks are applied along with full Snort engine checks

Short answer, inline pair will act as IPS and not routing will be taking
place for packets coming on inline interface.