Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1145
Views
0
Helpful
3
Replies

Physical IPS vs IPS Module

Go to solution
learnsec
Level 1
Level 1

‎11-09-2012 06:17 AM - edited ‎03-10-2019 05:49 AM

hello,

Do u think, from a security expert perspective, replacing a physical IPS with an IPS module on the Firewall will have any beneficiary?

any idea that may clarify?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
turnera
Level 1
Level 1
In response to learnsec

‎11-10-2012 11:24 AM

Yes you can install IPS modules into routers. Take a look at the following presentation to get an idea what range of devices are available to you.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps5875/prod_presentation0900aecd806ccf26.pdf

As for your second question, neither implementation is strictly right or wrong. Situation will dictate what you want to do regarding how you configure the path to the ISP. My personal preference would be to put a switch between the IPS and the router and configure it accordingly. It provides me some flexibility that can allow me to plug in other devices into the network path if I find I need to. 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
turnera
Level 1
Level 1

‎11-09-2012 10:46 AM

Throughput will be your biggest expense. The physical IPS box will, more than likely, allow faster throughput speeds. Whereas an IPS module will have reduced throughput speeds. In addition, you will be limited in your virtual sensors, typically the modules will have one. If you need more, you will be forced to look at stand alone IPS/IDS devices.

If you have a small network where speed and virtual sensors are not a problem, then the module will more than likely work. If you are in a larger scale enviornment, then you will need to look at stand alone devices as your solution.

0 Helpful

Go to solution
learnsec
Level 1
Level 1
In response to turnera

‎11-09-2012 09:40 PM

thanks tunera,

just 2 small questions:

- can i install IPS module on a router? or it is only for Firewalls

- i see some network designs where they put a switch before the IPS and a switch after, to do not connect the IPS to the router directly or the firewall. is that a common design or best practise ? or is there any best practise design?

0 Helpful

Go to solution
turnera
Level 1
Level 1
In response to learnsec

‎11-10-2012 11:24 AM

Yes you can install IPS modules into routers. Take a look at the following presentation to get an idea what range of devices are available to you.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/ps5875/prod_presentation0900aecd806ccf26.pdf

As for your second question, neither implementation is strictly right or wrong. Situation will dictate what you want to do regarding how you configure the path to the ISP. My personal preference would be to put a switch between the IPS and the router and configure it accordingly. It provides me some flexibility that can allow me to plug in other devices into the network path if I find I need to. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card