04-19-2015 12:04 PM - edited 03-10-2019 06:21 AM
Hi
I have an IDS and an IPS and am now deciding where these should be placed: IDS inside and IPS outside the firewall, or vice versa. I've read various pros and cons but would like to get some advice from people who have any placement experience.
Thanks
Solved! Go to Solution.
04-20-2015 11:41 AM
The ASA is a firewall that has the IDS/IPS functionality in addition to other things -- hence a "security appliance."
As a firewall, the ASA device is placed on the network edge, that is, likely as the first device inside the WAN connection (bridge, modem), though sometimes it makes sense to have a router on the outside especially if there are multiple connections to ISPs for redundancy, load balancing, or Quality of Service implementations.
What model of ASA are we talking about?
IDS/IPS functionality occurs inside the device -- there's a "module" that's internal to the device that handles the duties. In the case of IPS, it will prevent malicious traffic from entering your organization's network (the often-called inside network). In the case of IDS, it will just flag the traffic and issue a warning through whatever means have been configured. These correspond loosely to inline mode and promiscuous mode respectively.
I'm no expert, but I hope I've been able to help answer your original question...
jeremyNLSO
Berlin, Germany
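The inline and promiscuous modes mentioned in the answer above are selected per traffic class on the ASA itself, not by cabling the module somewhere else. The following is an added configuration example, not part of the original post or of Cisco documentation: it assumes an ASA 5500-series unit with the legacy AIP-SSM/SSC IPS module (the `ips` command), and the access-list and class-map names (IPS_TRAFFIC) are placeholders chosen for the example.

```text
! Select what the IPS module sees. "any any" sends all traffic through the
! module; narrow the ACL if the module cannot keep up with the link rate.
access-list IPS_TRAFFIC permit ip any any
!
class-map IPS_TRAFFIC
 match access-list IPS_TRAFFIC
!
! Option A: inline mode. The module sits in the forwarding path and can drop
! packets, so a bad signature or a slow module affects production traffic.
! fail-open = pass traffic uninspected if the module fails; fail-close = block it.
policy-map global_policy
 class IPS_TRAFFIC
  ips inline fail-open
!
! Option B: promiscuous mode (IDS behaviour). The module receives a copy of the
! traffic and can only alert (or ask the ASA to shun a host); it cannot drop the
! packet that triggered the signature.
! policy-map global_policy
!  class IPS_TRAFFIC
!   ips promiscuous fail-open
!
! Apply the policy on every interface (a single global service policy).
service-policy global_policy global
!
! Check that the module is up before trusting either mode:
! show module
! show module 1 details
```

A practical split that follows the answer's placement advice is to run the module inline with fail-close only where an outage is preferable to uninspected traffic, and fail-open (or promiscuous) everywhere else until the signature set has been tuned against real traffic. On ASAs with the newer FirePOWER (SFR) module the equivalent commands are `sfr fail-open` / `sfr fail-close`, with the `monitor-only` keyword giving the passive, IDS-style behaviour.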
04-20-2015 09:07 AM
Hello,
What products are you talking about? Do you have Cisco's ASAs (Adaptive Security Appliances)?
04-20-2015 09:30 AM
Hi
Sorry, I should have mentioned: it's Cisco ASAs.
04-21-2015 01:53 PM
Thanks Jeremy, very helpful