Security Network Design with IPS Question

Unanswered Question
Mar 23rd, 2009


on a point to point connection with a 5510 Firewall edition on each end does it make sense to add an IPS module on both 5510s or just one side? Perhaps there is a way for the one IPS module to monitor both sides and automatically terminate traffic on the other ASA as well?

Thanks in advance. All replies rated

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
larry.atkins Mon, 03/23/2009 - 12:41

Will these firewalls be communicating with any other devices outside of each other? If so you might want an IPS on both sides. If they are just communicating with each other then I would think having an IPS on both sides would be redundant.

angel-moon Tue, 03/24/2009 - 17:53

Hello Larry,

thanks for the reply. These devices will be behind a 2800 series router on each end doing a VPN.

We will also have VPN access to our NOC for monitoring. Thoughts?


This Discussion