Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
2
Replies

Two Snort engines in one network

ethutchinson
Level 3
Level 3

‎10-15-2024 08:17 AM

We have two FTDs managed by an FMCv. both running 7.2.8. We are still using Snort 2 and will most likely go to Snort 3 after we are done upgrading to 7.4.2.

We are thinking about a secondary network appliance that would possibly use snort as part of its detection engine. I know this sounds like a newbie type question but could that cause network performance issues if the appliance uses snort? Would it conflict with the Firepower snort process?

Any info would be greatly appreciated.

 

 

Labels:
0 Helpful
2 Replies 2

MHM Cisco World
VIP
VIP

‎10-15-2024 08:26 AM

Why double snort ? And how you want to use snort without Firepower?

MHM

0 Helpful

Aref Alsouqi
VIP
VIP

‎10-16-2024 01:36 AM

I don't personally think adding an additional appliance just to turn on IPS would be optimal. Turning on IPS on the FTDs which uses Snort comes with a performance cost. That is the same with Snort 2 or 3. Depending on the firewall hardware you have, the performance impact might be noticeable or not. My advice on this would be to evaluate the hardware performance impact with IPS turned on, and if it happens to be impacted up to the point to affect your traffic flows then I think you should start thinking about replacing the hardware. Cisco account manager can help you with this discovery process. However, if turning on IPS does not impact your traffic flow performance, then I would recommend moving to Snort 3 on the same box without adding any additional appliance.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card