
Will the Threat Grid appliance accept Clean, Dirty and Admin interface IP addresses in the same subnet?

nareshbabu.e
Level 1

For example, 192.168.1.1, 1.2 and 1.3 in a /24 subnet.

Accepted Solutions

Marvin Rhoads
Hall of Fame

While it is technically possible, it is not recommended. Admin and Clean are fine on the same network. Dirty should be on "a dedicated external IP address (i.e., the "Dirty" interface) that is different from your corporate IP, in order to protect your internal network assets."

Reference:

https://www.cisco.com/c/dam/en/us/td/docs/security/amp_threatgrid/threat-grid-appliance-setup-and-config-guide-v2-4-3_2-4-3-3.pdf

Also note that the Dirty interface MUST have a public DNS server - one with no DNS security policy enforcement (like, for instance, an Umbrella server would have).
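
The guidance in the accepted answer, expressed as a pre-deployment check of an addressing plan. This is an added example, not part of the original post or Cisco's tooling; the plan layout, the `review_plan` function and all addresses other than those in the question are constructed, and "public DNS" is approximated as a globally routable address (it cannot verify the absence of DNS policy enforcement).

```python
import ipaddress

# Constructed plans. The first is the layout from the question; the second
# moves Dirty to its own segment (a documentation range used as a stand-in).
QUESTION_PLAN = {
    "admin": "192.168.1.1/24",
    "clean": "192.168.1.2/24",
    "dirty": "192.168.1.3/24",
    "dirty_dns": "192.168.1.53",   # constructed internal resolver
}
SEPARATED_PLAN = {
    "admin": "192.168.1.1/24",
    "clean": "192.168.1.2/24",
    "dirty": "198.51.100.10/24",
    "dirty_dns": "8.8.8.8",        # sample public resolver
}


def review_plan(plan):
    """Return a list of findings for one Admin/Clean/Dirty addressing plan."""
    nets = {name: ipaddress.ip_interface(plan[name]).network
            for name in ("admin", "clean", "dirty")}
    findings = []
    # The answer advises keeping Dirty off the network used by internal assets.
    for internal in ("admin", "clean"):
        if nets["dirty"].overlaps(nets[internal]):
            findings.append(
                f"dirty network {nets['dirty']} overlaps {internal} "
                f"network {nets[internal]}: not recommended")
    # Admin and Clean on the same network is acceptable; note it only.
    if nets["admin"].overlaps(nets["clean"]):
        findings.append("info: admin and clean share a network (acceptable)")
    # Assumption: a "public" DNS server has a globally routable address.
    dns = ipaddress.ip_address(plan["dirty_dns"])
    if not dns.is_global:
        findings.append(f"dirty DNS {dns} is not a public address")
    return findings


if __name__ == "__main__":
    for label, plan in (("question", QUESTION_PLAN), ("separated", SEPARATED_PLAN)):
        print(label)
        for finding in review_plan(plan):
            print("  -", finding)
```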
