Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ids 4200 syslog

Customer doesn't want to use MARS. Any recommendations on decent syslog server?

thx again

  • Intrusion Prevention Systems/IDS
1 ACCEPTED SOLUTION

Accepted Solutions

Re: ids 4200 syslog

I would place it behind the firewall's outside interface. But this all depends on your security policy and how your network is setup.

Another factor is your IPS device's throughput. Can it sustain the load from the internal LAN? If so you can also place it behind the PIX firewall. This will give you protectional for both internal an external threats.

I would setup the IPS in inline interface pair mode.

Have a look at this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml

Please rate if helpful.

Regards

Farrukh

5 REPLIES

Re: ids 4200 syslog

The IPS sensor does not support syslog. It can only send SNMP traps to remote destinations. A good tool to store IPS sensor events is Cisco IME, and its free! Have a look at:

www.cisco.com/go/ime

Regards

Farrukh

New Member

Re: ids 4200 syslog

you are a peach...thx

Re: ids 4200 syslog

No problem, I'm glad you find the link useful :)

Regards

Farrukh

New Member

Re: ids 4200 syslog

one more question. Simple network with PIX outside and inside network. I was just looking at how these things go together. Customer wants ids mode. I assume you span ports to make it work? Also, placement better to have it on the internet side or the inside? thx again

Re: ids 4200 syslog

I would place it behind the firewall's outside interface. But this all depends on your security policy and how your network is setup.

Another factor is your IPS device's throughput. Can it sustain the load from the internal LAN? If so you can also place it behind the PIX firewall. This will give you protectional for both internal an external threats.

I would setup the IPS in inline interface pair mode.

Have a look at this link:

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_example09186a00809c37cb.shtml

Please rate if helpful.

Regards

Farrukh

170
Views
0
Helpful
5
Replies