×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IPS 4240 Configuration

Unanswered Question
Sep 21st, 2005
User Badges:

Dear all,


I need your help on this project


We have the pix firewall in redundant configuration with 4 interfaces (inside, dmz1, dmz2, dmz3). Inside interface connected to the redundant core switches 4507R. Dmz1 is connected to the edge switch 2970 where the dmz1 servers are connected and dmz2 and dmz3 interface/servers are connected to its respective edge switch 2970. I need to install the ids 4240 with 4 giga sniffing interface to this network. The following are the steps I done


I configured the IDS 4240 and connected int0 to the inside switch port, then int2 to the dmz1 2970 switch…etc.


SPAN session is created in all the switches with the IDS sniffing interfaces connected to the respective switch’s SPAN dest port.


Now pls I NEED your suggestion on the following


1. In the edge switch should I configure the pix dmz1 port as span port?

2. What are the steps to be followed to complete the installation

3. I have done basic configuration and getting 993,994,995 sig Alarms by viewing in the IEV.

4. All the ports are opened for all the traffics to monitor on IDS

I want to tune the IDS and the ways to do so



Thanks in advance


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
umedryk Tue, 09/27/2005 - 11:04
User Badges:
  • Bronze, 100 points or more

Yes, you need to configure the pix dmz1 port as span port in the edge switch.

Actions

This Discussion