IDSM vs IPS 4200

thedinuka · ‎08-28-2008

Hi all

I'm trying to design a data center security solution. I have a 6509 E with sup 720 and FWSM. My concern now is whether to go for IDSM or a 4200 sensor. I know about the through put limitations of both products. Can you all highlight any other pros and cons ?

thanks

jdive · ‎08-29-2008

Outside of the troughput limitation, you might want to look at the amount of physical interfaces that could make a difference. Finally, the IDSM2 hardware platform start to be ancient compared to the latest 4260's and 4270's.

Farrukh Haroon · ‎08-29-2008

I would recommend going for the appliances. It gets pretty difficult to troubleshoot the network with FWSM and IDSM in the same chassis. Etherchannels, STP, MAC-Learning.......you have to look at all that to see what exactly is happening in the network and the path taken by a particular packet. Since you have a 6500, you can load balance multiple IPS sensors using ECLB.

Also the appliances are modular, you can add interfaces etc.

Another downside is most network monitoring/management software(s) do not supported the IDSM properly, this includes Cisco's LMS and BMC Visualis/Dashboard. You will find the IDSM as a 'disconnected' device on both the Ciscoworks Campus Manager and BMC Visualis (on the network diagrams).

Regards

Farrukh