I'm looking at implementing an IPS for our Internet Edge networks and have been doing some reading up on the Cisco IPS and ASA ranges. I'm a bit confused about the capabilities of the various units and would appreciate some guidance. Our network infrastructure comprises of a 10Mbit Internet link and a 4Mbit WAN (MPLS) link.
The lowest specification IPS appears to be the IPS4240 (ignoring the 4215 which is now marked end-of-life). The 4240 documention states it can process 250Mbps of traffic and supports 4 interfaces. Am I right in thinking that this one device can therefore be simultaneously connected to multiple subnets (e.g., the DMZ and internal LAN at the same time)?
Is the ASA with an AIP-SSM-10 module able to monitor several interfaces in the same way? I'm aware the AIP-SSM-10 can only handle 150Mbps, but given my requirements, I'm assuming this can do the job. If so, can I use the ASA as an external firewall with interfaces to the WAN, DMZ and LAN and have the AIP-SSM-10 provide intrusion protection for all three interfaces?
The IPS 4240 is significantly more expensive than an ASA5510 with AIP-SSM-10 module. Apart from the higher throughput, does it have additional functionality beyond that provided with the ASA/AIP-SSM-10?
The software and signatures that run on the AIP-SSM is the same that is used on the IDS/IPS 4000 series. The 4240 is more versatile in that it has more interfaces and can monitor traffic that isn't going through the ASA. If that isn't a concern than I'd save the money and go with the AIP-SSM module.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...