FW v/s IPS

ray_stone
Level 1

Hi, we have installed an ASA 5505 on our production site, but the ASA 5505 does not support the IPS feature. May I know why we need to have the IPS feature, as we can manage all incoming and outgoing traffic via the firewall? Can you please show the difference in terms of layers: which type of layer traffic does the IPS support, and which does the FW? Thanks


4 Replies

Farrukh Haroon
VIP Alumni

Dear Ray

Consider the firewall as a boundary wall/fence and the IPS as the security guard/dog/camera at the door.

The ideal solution would be to have a building with no doors and windows; this would be the most secure. This is like a network without any ports open. But the reality is that we have to make doors and windows. In the same way, we have to open some ports like http, https, smtp, etc. on almost every network.

So this is where the IPS kicks in: just like the security camera 'looks' for any intrusions, or just how that black ugly dog can smell things, the IPS looks for intrusions as they come along those 'open' doors or ports. This could be a protocol anomaly, or some non-RFC behavior of the protocol; it could be a flood, a DoS attack, a worm, a virus, etc.

Regards

Farrukh

Hi Farrukh, I knew this difference. I just wanted to know which layer's traffic the IPS supports, and which layer the FW supports, in terms of filtering by blocking or permitting.

This all depends on the firewall. Nowadays most commercial firewalls offer some level of 'deep packet inspection' (marketing term). So both IPS and firewalls now go all the way up to layer 7. However, the coverage offered by firewalls is usually just basic anomalies and attacks. And usually enabling these features reduces the firewall performance very drastically, sometimes even reaching 10 times less than the regular performance (throughput, connections per second, etc.).

Regards

Farrukh
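To put the two answers above side by side in code: the firewall decision below is a pure layer 3/4 match on protocol and destination port and never looks at the payload, while the IPS step runs only on traffic the firewall has already permitted and looks inside the HTTP payload for a non-RFC request line, a signature match, and a simple per-source flood threshold. This is an added example, not code from the thread or from Cisco's ASA or IPS products; the permit set, the two signatures, the flood threshold and the sample packets are all constructed for illustration.

```python
"""Layer 3/4 port filtering (firewall) versus layer 7 payload inspection
(IPS) over a constructed packet sample. Added example; not code from the
original thread or from any Cisco product."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Packet:
    src: str
    proto: str        # "tcp" or "udp"
    dport: int
    payload: bytes = b""


# Firewall policy: the "doors" the thread mentions (http, https, smtp).
# This is a pure protocol/port match; the payload is never examined.
FW_PERMIT = {("tcp", 80), ("tcp", 443), ("tcp", 25)}


def firewall_decision(pkt: Packet) -> str:
    """Layer 3/4 verdict: permit or deny on (proto, dport) only."""
    return "permit" if (pkt.proto, pkt.dport) in FW_PERMIT else "deny"


# Layer 7 checks. A well-formed HTTP/1.x request line per RFC 7230 grammar;
# anything else on port 80 is flagged as a protocol anomaly.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

# Constructed, hypothetical signature list (not a real IPS ruleset).
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./")),
    ("oversized-header", re.compile(rb"^[^\r\n]{4096,}", re.M)),
]


def ips_inspect(pkt: Packet) -> List[str]:
    """Content checks on a packet the firewall already permitted."""
    alerts: List[str] = []
    if pkt.dport == 80 and pkt.payload:
        if not HTTP_REQUEST_LINE.match(pkt.payload):
            alerts.append("http-non-rfc-request-line")
        for name, rx in SIGNATURES:
            if rx.search(pkt.payload):
                alerts.append(name)
    return alerts


class Pipeline:
    """Firewall first, then IPS; keeps per-source counts for flood detection."""

    def __init__(self, flood_threshold: int = 20) -> None:
        self.flood_threshold = flood_threshold          # constructed value
        self.per_src: Dict[str, int] = defaultdict(int)

    def handle(self, pkt: Packet) -> dict:
        fw = firewall_decision(pkt)
        if fw == "deny":
            # The door is closed at layer 3/4; the IPS never sees this packet.
            return {"fw": fw, "ips": [], "action": "drop"}
        alerts = ips_inspect(pkt)
        self.per_src[pkt.src] += 1
        if self.per_src[pkt.src] > self.flood_threshold:
            alerts.append("flood")
        return {"fw": fw, "ips": alerts, "action": "drop" if alerts else "forward"}


# Constructed sample traffic: one clean request, one closed port, three
# layer 7 problems on an open port, then a burst from a single source.
SAMPLE: List[Packet] = [
    Packet("198.51.100.10", "tcp", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    Packet("198.51.100.11", "tcp", 23, b"admin\r\n"),
    Packet("198.51.100.12", "tcp", 80,
           b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example.test\r\n\r\n"),
    Packet("198.51.100.13", "tcp", 80, b"\x00\x01\x02 hello\r\n"),
    Packet("198.51.100.14", "tcp", 80,
           b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 5000 + b"\r\n\r\n"),
] + [Packet("192.0.2.99", "tcp", 443) for _ in range(25)]


def run_sample() -> List[dict]:
    """Push the constructed sample through one Pipeline and return the verdicts."""
    pipe = Pipeline()
    return [pipe.handle(p) for p in SAMPLE]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run_sample()):
        print(f"{pkt.src:>14} {pkt.proto}/{pkt.dport:<4} fw={verdict['fw']:<6} "
              f"ips={verdict['ips']} -> {verdict['action']}")
```

The point the trace makes is the one from the thread: the telnet packet is stopped by the port match alone, but the traversal attempt, the malformed request and the oversized header all arrive on a port the firewall must leave open, so only the layer 7 stage can act on them, and that stage has to read and pattern-match every permitted payload, which is where the performance cost comes from.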

Thanks, Farrukh, for sharing this valuable information. Thanks once again.

Ray
