Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IPS 4240 Configuration

Dear all,

I need your help on this project

We have the pix firewall in redundant configuration with 4 interfaces (inside, dmz1, dmz2, dmz3). Inside interface connected to the redundant core switches 4507R. Dmz1 is connected to the edge switch 2970 where the dmz1 servers are connected and dmz2 and dmz3 interface/servers are connected to its respective edge switch 2970. I need to install the ids 4240 with 4 giga sniffing interface to this network. The following are the steps I done

I configured the IDS 4240 and connected int0 to the inside switch port, then int2 to the dmz1 2970 switch…etc.

SPAN session is created in all the switches with the IDS sniffing interfaces connected to the respective switch’s SPAN dest port.

Now pls I NEED your suggestion on the following

1. In the edge switch should I configure the pix dmz1 port as span port?

2. What are the steps to be followed to complete the installation

3. I have done basic configuration and getting 993,994,995 sig Alarms by viewing in the IEV.

4. All the ports are opened for all the traffics to monitor on IDS

I want to tune the IDS and the ways to do so

Thanks in advance

1 REPLY
Silver

Re: IPS 4240 Configuration

Yes, you need to configure the pix dmz1 port as span port in the edge switch.

310
Views
0
Helpful
1
Replies
CreatePlease to create content