02-21-2012 10:49 AM - edited 03-04-2019 03:22 PM
Pls can u help me to setup the Physical connectively of IPS 4240 on the Internet edge with the ASA 5520 ,Pls how the topology will be
Pls Have a look to the attached Topoogy,if this a good design with IPS Appliance at nternet Edge
02-22-2012 01:23 PM
While inline as you show would work (and is arguably more secure), some folks prefer to have the appliance's interfaces both connected to the internal switch on an "inside" and "outside" VLAN.
That is a bit easier to implement and, should it ever need to be taken offliner it can be done with simple switch configuration vs. moving cables.
I wonder if you also need to protect a DMZ with IPS?
02-22-2012 05:38 PM
As Marvin said, injecting an IPS inline to the path serves as the best protection as each every traffic in the path would be analyzed. The only issue with your IPS model accompanied with inline mode is, there is a lack of hardware inline bypass. But , it supports software bypass.
02-23-2012 02:52 AM
Pls can y update the topology with ideal design
02-23-2012 03:27 AM
Whatever you have in place is an ideal design.
02-23-2012 08:56 AM
Pls one Favor,can u update the topology with two IPS for redundancy at the Internet edge,how the physical connectivity would appear
02-23-2012 05:28 PM
Based on your diagram i don't see a point of having redundant IPS when you don't have a redundant firewall, router & switch.
02-24-2012 01:59 AM
I m going to have redundant fashion at the Internet edge
02-24-2012 03:27 AM
Does that mean, you would have dual internet + router + Firewall + Switch?
02-24-2012 04:24 AM
yes y right, 2 Internet router (3825) 2 asa 5520 2 ips 4240 2 core 4500, acting as core
Pls vivek can u draw the topology for me for the IPSs,routers,ASAs at the Internet edge that describe the physical connectivity of the devices
frankly speaking i didn't find diagram matching the described topolgoy so i seeking ur help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: