06-07-2009 10:28 AM - edited 03-10-2019 04:39 AM
Hi;
We have planned to place the two IDSM modules in a 6509 chassis with FWSM. The IDSMs will be in inline mode.
1- I understand that the combined throughput will be 1GB, but through which feature can I achieve it?
2- How will it integrate with FWSM? I mean, what are the minimal steps so that FWSM forwards all requests to IDSM?
Thanks
06-07-2009 11:23 PM
Dear Omair
You are correct that with the INLINE design, the cumulative throughput will be dependent on the throughput of the TWO IDSMs. The integration depends on your particular network and you need to provide more details. However, you can find detailed steps in these posts I made earlier, please go through them:
Please rate if helpful.
Regards
Farrukh
06-10-2009 05:41 AM
Thanks a lot;
Found these links very useful. Our scenario includes a switch for the core network. Sup 720-3B, FWSM for segregation of application servers in different zones, IDSM and ACE for load balancing of some important application servers. Along with that, 67XX gig Ethernet with DFC card is also part of the solution.
What would be the best design in your opinion? Other than that I have another query.
The management is looking to cut down the cost for DR and drop one IDSM and FWSM and leave only the chassis with 1 IDSM. My concerns are
I believe FWSM is more imp than IDSM coz as per my understanding IDSM can't replace IDSM. How do you see it?
06-10-2009 05:58 AM
I would recommend dropping ONE or BOTH IDSMs. The FWSM is critical and needs to be there. It will also require you to re-design the DR site.
Regards
Farrukh
06-11-2009 10:00 AM
Thanks for the suggestion. I have pitched the importance of firewalling to management.
Can we use FWSM for deep inspection too? I understand it might not be as comprehensive as IDSM, but is it possible in the first place?
06-12-2009 05:16 AM
My experience with FWSM (3.1.x) alongside IDSM is that the inspection engines have their uses. We use the HTTP inspection extensively and it has been reasonably good at keeping a grip on the IM-over-HTTP clients, although this particular case requires help from the IDSM. As long as some traffic flows through the FWSM, either before or after passing the IDSM, there is the option to enable inspection engines.
/Fredrik
06-17-2009 11:03 AM
Dear Omair
There are a lot of inspections available on the Firewall, but they cannot compete with a full-blown IPS in any way. Both technologies complement each other, and for critical vertical sectors (like banking and finance) it's important to have both.
Regards
Farrukh