Change IPS to IDS

Unanswered Question
Feb 8th, 2009
User Badges:

Hi All,

I have an IPS Sensor 4240 working inline with the default settings... I need to do some tests and I need to change it to behave as an IDS. I know that I should configure the port on the swith as a SPAN port to send all traffic to the IDS (that will no longer be inline)....

My question is... what do I need to do in the IPS Sensor to change it to IDS?

Thank you all!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Mon, 02/09/2009 - 11:32
User Badges:
  • Gold, 750 points or more

The 4240 has 4 ports. One (in-line VLAN pairs) or two (in-line interface pairs) of those ports are being used. If you have a free port, put it in promiscious mode (default) and connect it to a new port on the switch that is aggregating your traffic. Configure the new switch interface as a span destination port. then disconnect your in-line interfaces (restoring traffic via another path of course).


This Discussion