Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
1
Replies

design question - AIP-SSM-10 in front of DB

snickered
Level 1
Level 1

‎10-22-2009 12:36 PM - edited ‎03-10-2019 04:48 AM

I have an ASA 5510 and was considering putting my organization's database servers on their own interface. The reason I want to do this is to examine all traffic with my IPS sensor to/from my databases. Is it a "best practice" to do this? TIA

Labels:
0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎10-24-2009 10:50 PM

It is better to make a zone on the firewall and connect the switches/firewall using the switch. However you can always connect the server directly (as long as its using only ONE nic), but this is not a good design practice (especially in terms of scalability and manageability)

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card