cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
429
Views
0
Helpful
1
Replies

IDS 4240 configuration and tuning steps

arumugasamy
Level 1
Level 1

Dear all,

I need your help on this project

We have the pix firewall in redundant configuration with 4 interfaces (inside, dmz1, dmz2, dmz3). Inside interface connected to the redundant core switches 4507R. Dmz1 is connected to the edge switch 2970 where the dmz1 servers are connected and dmz2 and dmz3 interface/servers are connected to its respective edge switch 2970. I need to install the ids 4240 with 4 giga sniffing interface to this network. The following are the steps I done

I configured the IDS 4240 and connected int0 to the inside switch port, then int2 to the dmz1 2970 switch…etc.

SPAN session is created in all the switches with the IDS sniffing interfaces connected to the respective switch’s SPAN dest port.

Now pls I NEED your suggestion on the following

1. In the edge switch should I configure the pix dmz1 port as span port?

2. What are the steps to be followed to complete the installation

3. I have done basic configuration and getting 993,994,995 sig Alarms by viewing in the IEV.

4. All the ports are opened for all the traffics to monitor on IDS

I want to tune the IDS and the ways to do so

I really want you all help to complete my task

1 Reply 1

nikhil_m
Level 1
Level 1

Is it in SPAN or RSPAN ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: