Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

placing the CISCO IPS after the firewall will produce latency???

i have a setup of 3 routers 7609,3660 ,3745 cisco routers then second check is the cisco 4506 catalyst switches , the third check is juniper firewall and then the server zone or heart zone ,i want to place the cisco IPs after my firewall will it produce delay in the server farm traffic coz we are increasing one more hop??please suggestions are welcome its urgent.

1 REPLY

Re: placing the CISCO IPS after the firewall will produce latenc

Hi,

How many interface pair (1 pair=2 ports) or ports in your IPS?

If 1 pair, then it's better to put it before firewall, as IPS can be used to filter more vulnerable incoming traffic from internet, compared to outbound access.

But if you have 2 pairs, then you can secure both segments -> before and after firewall.

For latency, it depends on your IPS model. Latency is something you can't avoid due to traffic inspection processes, but nevertheless, it's still acceptable.

Cisco IPS series is measured by its performance.

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps4077/products_data_sheet09186a008014873c.html

Rgds,

AK

323
Views
0
Helpful
1
Replies
CreatePlease to create content