
is IPS required

fnature
Level 1

Hi,

 

I plan to have a router/firewall with just port 443 allowed on the edge network, and port forwarding set up to an internal server (a Netscaler providing VPN) in the DMZ.

 

I'm trying to understand if having an IPS configured would be beneficial or not.

 

I understand that IPS is not effective on encrypted traffic, so is there any value in having an IPS on the edge interface of the router/firewall, or no value?

 

Is IPS better if set on the interface between the Netscaler and the internal network?

 

Many thanks,

francois

1 Reply

Marvin Rhoads
Hall of Fame

IPS can do a great job on incoming SSL/TLS-encrypted traffic since you can put the certificate and private key on the IPS and have it decrypt/inspect/re-encrypt.

 

That said, you can also put the IPS inside the Netscaler - ideally the Netscaler would be in a DMZ and the IPS only inspecting DMZ-inside traffic. I believe you can also run security services on the Netscaler, though it's been a couple of years since I have worked with one.
