Regarding deploying IPS in inline mode

Dec 17th, 2007

Dear friends

Just a query about operating IPS 4255 in inline mode. Currently, it is operating in promiscuous mode. Now, I am planning to change to inline mode for just one segment (Internet VLAN 15) connecting the 4507 core switch and the 515 firewall.

I am planning to add another Layer 2 vlan viz. Vlan 16. The IPS can then act inline bridging traffic between vlan 16 and vlan 15.

I have enclosed a diagram for your kind reference. As you will see, the firewall and core switch are still in the same Layer 3 subnet but the firewall is in vlan 16 and not in vlan 15.

What is confusing me is the switch configuration for Switch A and B. I am not sure which ones are to be trunked and which ones are to be put in vlan 15 or 16.

This diagram just depicts the proposed plan. Can you let me know if this is correct? Any suggestion / feedback on this will really be appreciated.

Thanks a lot


gautamzone Thu, 12/20/2007 - 05:40

Thanks a lot Brad. But my understanding was that to put IPS in inline mode, you need to create another VLAN and use the IPS to bridge between both the VLANs.

Can you shed more light on how you achieve this with just one VLAN?

Thanks a lot


mherald Mon, 12/31/2007 - 17:45

When you put an IDSM2 IPS in in-line mode, use two VLANs. If you have a 4200 series sensor, use the same VLAN on both sides of the interfaces used as an in-line pair.


