05-26-2009 05:24 AM - edited 03-10-2019 04:38 AM
Customer doesn't want to use MARS. Any recommendations on a decent syslog server?
thx again
05-26-2009 06:07 AM
The IPS sensor does not support syslog. It can only send SNMP traps to remote destinations. A good tool to store IPS sensor events is Cisco IME, and it's free! Have a look at:
Regards
Farrukh
05-26-2009 08:52 AM
you are a peach...thx
05-26-2009 11:13 AM
No problem, I'm glad you find the link useful :)
Regards
Farrukh
05-27-2009 01:04 PM
One more question. Simple network with PIX outside and inside network. I was just looking at how these things go together. Customer wants IDS mode. I assume you span ports to make it work? Also, is it better to place it on the internet side or the inside? thx again
05-27-2009 11:41 PM
I would place it behind the firewall's outside interface. But this all depends on your security policy and how your network is set up.
Another factor is your IPS device's throughput. Can it sustain the load from the internal LAN? If so, you can also place it behind the PIX firewall. This will give you protection for both internal and external threats.
I would set up the IPS in inline interface pair mode.
Have a look at this link:
Please rate if helpful.
Regards
Farrukh