We will be using our IPS 4255 as an IDS (promiscuous mode, NOT in-line). We will be utilizing a network tap to capture the traffic.
1. Does the IPS 4255 has the ability to work with the PIX firewall to block traffic?
2. If we are using a network tap in a non-inline mode, how does the IPS communicate with the PIX firewall? I believe packets can only be received by the IPS via the network tap, and the IPS cannot send data out to the network tap. Given this, does the IPS relay the information to the PIX via the management console (a server connected to the control interface of both the IPS and the PIX.