cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
404
Views
0
Helpful
2
Replies
rchester
Beginner

ids and alternate routes

I am yet to play with Cisco Secure IDS, but need a couple of answers if anyone is willing ;-)

How does a probe find alternate routes to the director??

Is it based on normal routing via a gateway?

If contact is lost to the director does the probe continue to log to a local store?

reload in 25 years
2 REPLIES 2
scothrel
Participant

I'm not sure I understand the first question...normal communications are established using "normal routing" via a default gateway from the sensor. The sensor(probe) can be configured to report to multiple directors if you want redundancy, but it still has one network connection. [the sensor has one network interface for the monitored network and one network interface for command & control. Our standard recommendation is to run C&C on a network separate from the monitored network eg. out of band]

As for the lost contact question, the answer is yes. Alarms will be logged on the local system until contact is re-established, at which time they will be forwarded to the director.

Excellent response, just exactly what I wanted to know.

Thanx again

reload in 25 years