We addressed IPS placement earlier in the thread:For instance if you place a sensor outside of a firewall attached to the internet you will get millions of false alarms because there are so many automated attacks on the internet which your firewall w...

The AIP-SSM can be used in either Promiscuous (IDS) or inline (IPS) modes.The AIP-SSM management interface is not technically mandatory as everything can be configured from command line using the session command from the ASA however the management in...

Also forgot to mention that there are a couple tricks to get more interfaces out of the base firewall.  The management interface can be used as the stateful failover interface if you use the inside interface for manangement. (that was how the PIX use...

My first question is why don't you use an AIP-SSM module in the ASA 5510s?  The AIP-SSM module is a cheaper and simpler IPS solution to implement unless you specifically need to use a separate sensor.  The only reason I see to use a separate sensor i...

My first question is why don't you use an AIP-SSM module in the ASA 5510s?  The AIP-SSM module is a cheaper and simpler IPS solution to implement unless you specifically need to use a separate sensor.  The only reason I see to use a separate sensor i...