12-17-2007 02:03 AM - edited 03-10-2019 03:54 AM
Dear friends
Just a query about operating IPS 4255 in inline mode. Currently, it is operating in promiscuous mode. Now, I am planning to change to inline mode for just one segment (Internet vlan - 15) connecting the 4507 core switch and the 515 firewall.
I am planning to add another Layer 2 vlan viz. Vlan 16. The IPS can then act inline bridging traffic between vlan 16 and vlan 15.
I have enclosed a diagram for your kind reference. As you will see, the firewall and core switch are still in the same Layer 3 subnet but the firewall is in vlan 16 and not in vlan 15.
What is confusing me is the switch configuration for Switch A and B. I am not sure which ones are to be trunked and which ones are to be put in vlan 15 or 16.
This diagram just depicts the proposed plan. Can you let me know if this is correct? Any suggestion / feedback on this will really be appreciated.
Thanks a lot
Gautam
12-17-2007 02:06 AM
12-17-2007 03:31 AM
Why not use inline mode and a single VLAN? Why are you adding another VLAN?
-brad
(please rate the post if this helps!)
12-20-2007 05:40 AM
Thanks a lot Brad. But my understanding was that to put IPS in inline mode, you need to create another VLAN and use the IPS to bridge between both the VLANs.
Can you shed more light on how you achieve this with just one VLAN?
Thanks a lot
Gautam
12-31-2007 05:45 PM
When you put an IDSM2 IPS in-line mode, use two VLANs. If you have a 4200 series sensor, use the same VLAN on both sides of the interfaces used as an in-line pair.
Mike