Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IDS 4240 configuration and tuning steps

Dear all,

I need your help on this project

We have the pix firewall in redundant configuration with 4 interfaces (inside, dmz1, dmz2, dmz3). Inside interface connected to the redundant core switches 4507R. Dmz1 is connected to the edge switch 2970 where the dmz1 servers are connected and dmz2 and dmz3 interface/servers are connected to its respective edge switch 2970. I need to install the ids 4240 with 4 giga sniffing interface to this network. The following are the steps I done

I configured the IDS 4240 and connected int0 to the inside switch port, then int2 to the dmz1 2970 switch…etc.

SPAN session is created in all the switches with the IDS sniffing interfaces connected to the respective switch’s SPAN dest port.

Now pls I NEED your suggestion on the following

1. In the edge switch should I configure the pix dmz1 port as span port?

2. What are the steps to be followed to complete the installation

3. I have done basic configuration and getting 993,994,995 sig Alarms by viewing in the IEV.

4. All the ports are opened for all the traffics to monitor on IDS

I want to tune the IDS and the ways to do so

I really want you all help to complete my task

1 REPLY
Community Member

Re: IDS 4240 configuration and tuning steps

Is it in SPAN or RSPAN ?

179
Views
0
Helpful
1
Replies
CreatePlease to create content