IDS Query

tyagivijay
Level 1

Hello,

We have an IDS 4215 with 4 sniffing interfaces.

Now we want to place the sniffing interfaces on different segments in our network.

So do we need to place all the sensing interfaces in a single logical group, or configure them as individual interfaces?

Thanks in advance.

Vijay

Accepted Solutions

a.arndt
Level 3

If I understand your question correctly, your interfaces will stay in a single group, whether you like it or not. They will remain under a single monitoring policy despite being physically connected to different monitoring domains.

This is a result of the current versions of Cisco software (IDS 4.1 and IPS 5.0). The ability to configure a set of "Virtual Sensor" settings for each interface is not yet available. Cisco has said, both in various posts to this forum and in press releases and white papers on the Cisco site, that this feature will be added to a "future release".

Basically, you're stuck using a generic monitoring policy for all monitored segments. Any event filters or other changes you make to the policy (disabling/enabling signatures, for example) will apply to all the interfaces.

I hope this helps,

Alex Arndt
