Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1511
Views
0
Helpful
3
Replies

Virtual IPS/IDS design question.

Go to solution
David Kleberson
Level 1
Level 1

‎09-12-2015 07:42 AM - edited ‎03-10-2019 06:27 AM

Hi! I'm having some problems with understanding the design of virtual IPS/IDS.
I know how to do it with hardware IPS/IDS, when you have one physical interfaces specified to handle traffic and another physical interface to to send inspected traffic back to Core.

My question is how do people do it with virtual firewall? I mean how it is possible to configure a server running on VMWare to receive SPAN session (in IDS case) or something like that.

I hope I can clarify my concern.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎09-16-2015 12:32 PM

You can actually do both. If you just want to monitor (IDS) then you will have to dedicate a physical port on your VM server and span traffic to it. For more info on that check this link:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004099

If you want to place the virtual appliance inline, then you will have to dedicate two physical ports from your VM server. One of those ports will be used for the outside zone and the other for your inside zone. 

I hope this helps!

 

Thank you for rating helpful posts!

View solution in original post

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to David Kleberson

‎09-21-2015 05:33 PM

Yes, otherwise you can't really put it truly inline if other hosts/vlans are about to traverse around it :)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
nspasov
Cisco Employee
Cisco Employee

‎09-16-2015 12:32 PM

You can actually do both. If you just want to monitor (IDS) then you will have to dedicate a physical port on your VM server and span traffic to it. For more info on that check this link:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004099

If you want to place the virtual appliance inline, then you will have to dedicate two physical ports from your VM server. One of those ports will be used for the outside zone and the other for your inside zone. 

I hope this helps!

 

Thank you for rating helpful posts!

0 Helpful

Go to solution
David Kleberson
Level 1
Level 1
In response to nspasov

‎09-21-2015 10:38 AM

Neno, thank you for your reply. Does it mean that I have to sacrifice 1 or 2 physical ports of a host that is running VMware or HyperV?

0 Helpful

Go to solution
nspasov
Cisco Employee
Cisco Employee
In response to David Kleberson

‎09-21-2015 05:33 PM

Yes, otherwise you can't really put it truly inline if other hosts/vlans are about to traverse around it :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card