Hello Friends,

Can anybody tell me why IPS/IDS is better than just having a firewall, please?


Hello tamuno,

Firewalls can block unnecessary traffic based on Layer 4 parameters: TCP/UDP ports, IP addresses, etc. This device, I can say, blocks around 70% of the unwanted traffic. Firewalls have basic IPS functionality in software, which is very limited in its total number of signatures (around 20).

If you are talking about full-fledged security, firewalls can't really do it (as told above). A simple example: if there is a mail server, the firewall will permit port 25/110 into the inside network just by looking at the Layer 4 header. What if the attacker does a port sweep, finds that the firewall has 25/110 open, and introduces vulnerabilities on these open ports? Your network is vulnerable to attacks! The IPS will be the device here, which can inspect packets at Layer 7 (the application layer) and see whether the packets entering the network are allowed or denied. Combining firewall and IPS, network administrators can get 95% of unwanted traffic blocked.

Adding to what Raj mentioned ...

Some firewalls offer basic application inspection for some applications such as SMTP, HTTP, FTP, etc. However, the IPS is able to perform full packet inspection, which goes from Layer 3 to 7, and is able to detect attacks that might be tunneled inside a commonly used port such as 443, 80, 1433, etc. In networks today it is vital to have multilayer protection starting with a firewall at the edge, network IPS on the critical network segments, host IPS on the critical servers which might be accessible from the Internet, antivirus and patch management on the hosts, and reporting and log correlation, to name a few.
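As an added illustration (not code from any poster in this thread) of the distinction Raj and the reply above draw, here is a toy Python model: a Layer-4 rule set that decides on protocol, address and port only, and a Layer-7 signature check run over the payloads the firewall has already admitted. The hosts 10.0.0.25 and 10.0.0.80, the rule set, the signatures and the sample packets are all constructed for the example and are not taken from any real firewall or IPS ruleset.

```python
"""Toy model: Layer-4 firewall versus Layer-7 signature inspection.
Added example, not code from the thread. All hosts, rules, signatures
and packets below are constructed for illustration."""
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int
    payload: bytes


# Layer-4 firewall: looks only at protocol, destination address and port.
# Hypothetical rule set: a mail server at 10.0.0.25, a web server at 10.0.0.80.
FIREWALL_RULES = [
    ("allow", "tcp", "10.0.0.25", 25),   # SMTP into the mail server
    ("allow", "tcp", "10.0.0.25", 110),  # POP3
    ("allow", "tcp", "10.0.0.80", 80),   # HTTP
    ("allow", "tcp", "10.0.0.80", 443),  # HTTPS
]


def firewall_decision(pkt: Packet) -> str:
    """Return 'allow' or 'deny' from L4 fields alone; the payload is never read."""
    for action, proto, dst, dport in FIREWALL_RULES:
        if pkt.proto == proto and pkt.dst == dst and pkt.dport == dport:
            return action
    return "deny"  # implicit default deny


# Layer-7 IPS: pattern-matches the application payload on ports the firewall
# already opened. Signatures are illustrative, not from any real IPS product.
SIGNATURES = [
    ("smtp-vrfy-enumeration", re.compile(rb"^VRFY\s", re.I | re.M)),
    ("http-path-traversal", re.compile(rb"^(?:GET|POST)\s+\S*\.\./", re.M)),
    ("http-sqli-union", re.compile(rb"UNION\s+SELECT", re.I)),
    ("nop-sled", re.compile(rb"\x90{16,}")),
]


def ips_decision(pkt: Packet):
    """Return ('drop', signature_name) on the first match, else ('pass', None)."""
    for name, pattern in SIGNATURES:
        if pattern.search(pkt.payload):
            return ("drop", name)
    return ("pass", None)


def inspect(pkt: Packet):
    """Firewall first, then IPS on whatever the firewall let through.
    Returns (verdict, blocked_by, signature)."""
    if firewall_decision(pkt) == "deny":
        return ("deny", "firewall", None)
    action, sig = ips_decision(pkt)
    if action == "drop":
        return ("deny", "ips", sig)
    return ("allow", None, None)


# Constructed sample traffic from one external host to the two servers.
EXT = "198.51.100.7"
SAMPLE_PACKETS = {
    "ssh-probe": Packet(EXT, "10.0.0.25", "tcp", 22, b""),
    "smtp-legit": Packet(EXT, "10.0.0.25", "tcp", 25,
                         b"EHLO relay.example.net\r\nMAIL FROM:<a@example.net>\r\n"),
    "smtp-vrfy": Packet(EXT, "10.0.0.25", "tcp", 25,
                        b"EHLO x\r\nVRFY root\r\nVRFY admin\r\n"),
    "http-legit": Packet(EXT, "10.0.0.80", "tcp", 80,
                         b"GET /index.html HTTP/1.1\r\nHost: www.example.net\r\n\r\n"),
    "http-traversal": Packet(EXT, "10.0.0.80", "tcp", 80,
                             b"GET /../../etc/passwd HTTP/1.1\r\n"
                             b"Host: www.example.net\r\n\r\n"),
    "http-nop-sled": Packet(EXT, "10.0.0.80", "tcp", 80,
                            b"POST /upload HTTP/1.1\r\nHost: www.example.net\r\n\r\n"
                            + b"\x90" * 32 + b"\xcc"),
}


def summarize(packets=SAMPLE_PACKETS):
    """Count how much of the sample gets through with the firewall alone
    versus firewall plus IPS."""
    fw_only = sum(1 for p in packets.values() if firewall_decision(p) == "allow")
    fw_ips = sum(1 for p in packets.values() if inspect(p)[0] == "allow")
    return {"total": len(packets), "firewall_only_allowed": fw_only,
            "firewall_plus_ips_allowed": fw_ips}


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        print(f"{name:15} -> {inspect(pkt)}")
    print(summarize())
```

The port-22 probe is the only packet the firewall stops; the VRFY enumeration, the path traversal and the NOP sled all arrive on ports the firewall must leave open for the mail and web servers, so only the payload check catches them. Two caveats a practitioner should keep in mind: a real IPS reassembles TCP streams and decodes the protocol before matching, because per-packet byte matching like this is trivially evaded by splitting the pattern across segments or encoding it; and for port 443 the payload is TLS, so the IPS sees nothing useful unless it terminates or is handed the decrypted traffic.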

