FWSM and Inline IPS Question

jwalker · ‎06-26-2008

I have an ISS IPS that I would like to put inline in front of my FWSM. This should be straight forward, but I want to use transit VLANs instead of physical connections. My question is can this be done? If it can, how would I do it? I have accomplished this same thing with an IPS appliance, but I am not sure if it will work the same with the FWSM.

Thanks.

Jay

a.alekseev · ‎06-26-2008

What do you mean "to use transit VLANs instead of physical connections"?

jwalker · ‎06-26-2008

The IPS will work if you create two VLANs and use it as a bridge. Alternatively, you can physically connect the IPS to network devices.

a.alekseev · ‎06-26-2008

what's the problem?

create two vlans and let the IPS to be a bridge beween them.

jwalker · ‎06-26-2008

Here is a sketch of what I'm trying to do... I just want to know if it will work?

Thanks.

Jay

a.alekseev · ‎06-26-2008

If your IPS can work inline So It will do.

You can easily inclide/exclude the IPS from switching path just put your vpn concentrator's inteface in vlan 15 or 10.

Farrukh Haroon · ‎06-26-2008

If your ISS IPS supports Inline Mode, then everything should be fine. As far as the FWSM and VPN concentrator are concerned, adding a layer 2 device does not change much for them.

A properly configured IPS is just a 'transparent' device like a L2 switch.

Regards

Farrukh