Dear all,
I need your help on this project
We have the pix firewall in redundant configuration with 4 interfaces (inside, dmz1, dmz2, dmz3). Inside interface connected to the redundant core switches 4507R. Dmz1 is connected to the edge switch 2970 where the dmz1 servers are connected and dmz2 and dmz3 interface/servers are connected to its respective edge switch 2970. I need to install the ids 4240 with 4 giga sniffing interface to this network. The following are the steps I done
I configured the IDS 4240 and connected int0 to the inside switch port, then int2 to the dmz1 2970 switch
etc.
SPAN session is created in all the switches with the IDS sniffing interfaces connected to the respective switchs SPAN dest port.
Now pls I NEED your suggestion on the following
1. In the edge switch should I configure the pix dmz1 port as span port?
2. What are the steps to be followed to complete the installation
3. I have done basic configuration and getting 993,994,995 sig Alarms by viewing in the IEV.
4. All the ports are opened for all the traffics to monitor on IDS
I want to tune the IDS and the ways to do so
I really want you all help to complete my task