What is the best IPS??

Jul 17th, 2007

Hi all,

Currently my company has decided to buy an IPS. I have a Cisco 6509 as one core switch; all my servers are connected to the core and separated through VLANs. I want to make an inline IPS from any VLAN to any other VLAN. 5 of my VLANs have an SVI, the rest do not, so what is the optimal solution for me? And is it possible to provide me with prices?

jwjorgensen Wed, 07/18/2007 - 10:27

So if only 5 of your VLANs have an interface on the Cat6509, then this must mean the other VLANs are restricted to communicating only WITHIN the VLAN. In order for each VLAN to have inline protection between them, you would have to create a dummy VLAN for each production VLAN and set up inline VLAN pairs on the IDSM. (I am making an assumption here.) Of course, the same would hold true on an IDS appliance, given that you have enough interfaces (you create an inline interface pair).

Alternatively, you could set up SPAN or VACLs for all of the VLANs you want protected. Of course, you are losing the IPS capabilities to an extent, as this would be more of an IDS solution. You could add blocking devices to the sensor and set the action to block host for the signatures that you want to block against.

HTH
