Hello, I have a theoretical question about VLANs and IPS.
Suppose I have a 4215 and a router. I want to run the IPS in inline interface mode.
Would this work fine?
Router - WAN
- Ethernet -> VLAN 2
- Ethernet 2 -> VLAN 2
- Ethernet 3 -> VLAN 3
- Inside network all in VLAN 3
Would the IPS bridge if all were in the same subnet?
If the paired interfaces are connected to the same switch, you should configure them on the switch as access ports with different access VLANs for the two ports. Otherwise, traffic does not flow through the inline interface.
Since I haven't read anything about deployment, I had to ask to be 100% sure.
Yes - you are approaching this correctly.
On the sensor, you need to be sure to complete the VLAN pairing so it will act as an L2 bridge between VLANs 2 & 3.
The other option is to do IPS on a stick, where you trunk 2 & 3 down a single physical interface to the 4215.
Let us know how your project proceeds.
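The switch side of the two options discussed in this thread, as an added example that is not part of the original posts: a Cisco IOS switch configuration showing the misconfiguration the quoted guidance warns about, the corrected access-port layout, and the single-trunk alternative. All port numbers and descriptions are assumptions, and the sensor-side VLAN pairing is not shown.

```cisco
! Constructed example. Port numbers are assumptions, not from the thread:
!   Fa0/1        = router inside Ethernet
!   Fa0/2, Fa0/3 = the two sensing ports of the 4215 (inline pair)
!   Fa0/10       = an inside host port
!
! --- Misconfigured: router, hosts and both sensor ports in one VLAN ---
! The switch forwards router<->host frames directly inside VLAN 3,
! so traffic does not flow through the inline interface.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 3
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 3
!
! --- Corrected: paired ports are access ports in different VLANs ---
! VLAN 2 holds only the router and one sensor port; VLAN 3 holds the
! inside network and the other sensor port. The sensor is the only
! L2 path between the two VLANs, which share one IP subnet.
vlan 2
vlan 3
interface FastEthernet0/1
 description router inside Ethernet
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/2
 description 4215 sensing port, router side
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/3
 description 4215 sensing port, inside side
 switchport mode access
 switchport access vlan 3
interface FastEthernet0/10
 description inside host
 switchport mode access
 switchport access vlan 3
!
! --- Alternative: IPS on a stick ---
! One physical sensor port carries both VLANs as an 802.1Q trunk.
! The encapsulation line is only needed on switches that also support ISL.
interface FastEthernet0/2
 description 4215 sensing port, trunk for VLANs 2 and 3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 2,3
```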