06-06-2003 07:30 AM - edited 03-09-2019 03:34 AM
This is a general question as to whether anyone is running the 4235 sensor on 4.0 code with multiple monitoring interfaces?
Basically I am wondering if you have any comments on performance or if you have run into any issues with the configuration. I have not seen too much documentation for actually configuring this, so I'm wondering if there are any additional requirements or considerations.
Solved! Go to Solution.
06-06-2003 07:37 AM
Hi Chad,
With IDS 4.0 you can only montior using one sniffing interface. With 4.1 you will have support for multiple monitoring interfaces.
As far as performance goes, I don't see any issues besides to make sure the management station is able to handle the amount of alarms coming in when using multiple interfaces.
Thanks,
Obaid.
06-06-2003 08:50 AM
We are currently testing 4.1, which has support for multiple interfaces on the 4235. I have a configuration running in the lab with a 4235 that has a quad nic card installed. Performance is very good. I think we rate the 4235 about 300 mbit or so with 4.1, so you should have a aggregate bandwidth support for the 300 Mbit divided among your monitoring interfaces.
You are correct , no docs out yet, because 4.1 is not yet shipping. Expected very soon.
06-06-2003 07:37 AM
Hi Chad,
With IDS 4.0 you can only montior using one sniffing interface. With 4.1 you will have support for multiple monitoring interfaces.
As far as performance goes, I don't see any issues besides to make sure the management station is able to handle the amount of alarms coming in when using multiple interfaces.
Thanks,
Obaid.
06-06-2003 07:45 AM
Obaid,
That would explain the lack of documentation on this! The product overview did mention that this was possible with version 4.0, but I couldn't find any supporting documentation on actually configuring this in the technical docs.
This begs the question: Do you have a rough estimate on a timeframe for the 4.1 release?
And now that we're talking about a new version, I have another question: Will one sensor configured to monitor two segments be able to apply different response options to the two separate networks. For example, let's say that I have a sensor watching an internet DMZ and a DMZ connecting a partner. I trust the partner connection and permit some signature matches that I would not permit on the internet DMZ. Will 4.1 let me watch both segments and have different responses for each, or will both segments be held to the same response profile?
I'm not too concerned about alarm volume to the management console given the planned deployment. I was more concerned about additional memory or CPU requirements on the sensor to monitor multiple segments.
Thanks very much for this information. Quite a big help!
Regards,
Chad
06-06-2003 08:27 AM
Chad,
With multiple interfaces in 4.1 all interfaces will be inspected with the same configuration. We have the concept of virtual sensors in the works and it will come out in a version after 4.1. With virtual sensors you will be able to handle the example you mentioned.
So in summary 4.1 will give you multiple interfaces with the same IDS configuration. We will be adding the virtual sensors in a future version.
--Mike
06-06-2003 07:48 AM
Performance is based on the aggregate bandwidth you are monitoring across multiple interfaces, so management requirements should not be any higher than with a single interface.
06-06-2003 08:50 AM
We are currently testing 4.1, which has support for multiple interfaces on the 4235. I have a configuration running in the lab with a 4235 that has a quad nic card installed. Performance is very good. I think we rate the 4235 about 300 mbit or so with 4.1, so you should have a aggregate bandwidth support for the 300 Mbit divided among your monitoring interfaces.
You are correct , no docs out yet, because 4.1 is not yet shipping. Expected very soon.
06-06-2003 09:35 AM
Exactly the information I was looking for. Thanks to all of you for responding. I'll certainly keep an eye out for the 4.1 release.
Thanks again.
Chad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide