Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
1
Replies

VACL vs SPAN

jason.andrews
Level 1
Level 1

‎05-23-2002 05:32 AM - edited ‎03-08-2019 10:44 PM

Based on your experiences, which do you prefer? SPAN seems to expose alot of false positive traffic, but will VACL not expose enough?

Labels:
0 Helpful
1 Reply 1

ishah
Level 1
Level 1

‎05-27-2002 05:36 AM

Span will capture everything but is simple

VACLs allow granular control to certain types of traffic can be filtered out by only using capture on the traffic that you are interested in. Care should be taken with your filters otherwise you could be ignoring genunine attacks.

It is better to run IDS on span for some weeks prior to tuning your VACLs to establish what you what to capture and what to ignore. This applies even if using span ports.

IDS does require tuning but one that has been done, it works really well with either technique.

0 Helpful
Customers Also Viewed These Support Documents