We have an IDS4215, which has recently been upgraded to 5.1.1. This was to enable the IPS functionality within the device.
I want to implement the IDS 4215 in IPS mode but I may need it to protect traffic between a number of different subnets (VLANS). We have 1 firewall with virtual interfaces supplying the 3 VLAN's in our DMZ (trunked from the firewall). the 1'st virtual interface provides access to our reverse proxy VLAN 111 that accepts SSL connecctions to our web site. This then terminates the connection and forwards the requests to the web site (VLAN 222) in clear HTML which is sent through the same trunk to the firewall(virtual interface vlan 222). The web server then sends data/requests to the database, which resides in a seperate VLAN 333 again through the same trunk to the firewall (virtual interface 333).
Can I setup inline IPS protection to protect communications between all these VLANs (firewall virtual interfaces)? If so, how do I go about doing it? Will it work if I setup VLAN pairs on the IPS device? Can I setup multiple VLAN pairs for the same interface? Do I need to use virtualisation because I don't think the 4215 supports this?
What is the best practice for setting up IPS in this type of environemt?
Thanks in advance!