FWSM and Inline IPS Question

Unanswered Question

I have an ISS IPS that I would like to put inline in front of my FWSM. This should be straight forward, but I want to use transit VLANs instead of physical connections. My question is can this be done? If it can, how would I do it? I have accomplished this same thing with an IPS appliance, but I am not sure if it will work the same with the FWSM.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a.alekseev Thu, 06/26/2008 - 12:09

What do you mean "to use transit VLANs instead of physical connections"?

a.alekseev Thu, 06/26/2008 - 12:31

what's the problem?

create two vlans and let the IPS to be a bridge beween them.

a.alekseev Thu, 06/26/2008 - 13:23

If your IPS can work inline So It will do.

You can easily inclide/exclude the IPS from switching path just put your vpn concentrator's inteface in vlan 15 or 10.

Farrukh Haroon Thu, 06/26/2008 - 21:52

If your ISS IPS supports Inline Mode, then everything should be fine. As far as the FWSM and VPN concentrator are concerned, adding a layer 2 device does not change much for them.

A properly configured IPS is just a 'transparent' device like a L2 switch.




This Discussion