Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
689
Views
0
Helpful
1
Replies

ips failover

Go to solution
mirehteshamali
Level 1
Level 1

ā€Ž11-28-2011 04:07 AM - edited ā€Ž03-10-2019 05:32 AM

hi all

i have recently designed a solution having  firewall failover in active standby mode .

now i need to add ips in inline mode. with failover capability .

1) is their any failover of ips 4210 ? further how many signatures does 4210 supports ..

2) is CSC card a substitue of IPS card on ASA ?

3 )Will CSC ---asa---4210ips --------inside network , slow down due to repeated scanning at various levels ??

thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrey.dugin
Level 1
Level 1

ā€Ž11-29-2011 05:53 AM

I'll try to answer.

1) As I know there were no failover features in Cisco IPS.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/white_paper_c11-459025.html

According to the document IPS has no additional influence on traffic in firewall failover situations but IPS cannot be clustered.

You can configure fail-open hardware bypass feature for IPS to permit traffic through it when IPS fails or use fail-close feature to stop traffic when IPS fails.

2) CSC is not 100% substitute for IPS.

3) It depends on your network.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
andrey.dugin
Level 1
Level 1

ā€Ž11-29-2011 05:53 AM

I'll try to answer.

1) As I know there were no failover features in Cisco IPS.

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/white_paper_c11-459025.html

According to the document IPS has no additional influence on traffic in firewall failover situations but IPS cannot be clustered.

You can configure fail-open hardware bypass feature for IPS to permit traffic through it when IPS fails or use fail-close feature to stop traffic when IPS fails.

2) CSC is not 100% substitute for IPS.

3) It depends on your network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card