Hi All,
We have a single IPS device (IPS4270-20-K9 V7.0(2)E4) to monitor the DMZ and INSIDE zones.
Everything was fine until we found some issue with the IPS manApp and had to reimage the appliance.
We have two VLAN Pairs each to monitor the INSIDE zone and the DMZ. We created one virtual sensor and assigned the same virtual sensor to both the VLAN pairs. However, at this time traffic through the proxy (located in DMZ) was not working. When I created an event action filter to exclude the Proxy IP, traffic through Proxy was working.
I then created another virtual sensor and assigned this virtual sensor to the second VLAN pair. It is working fine now. Below are the configs:
PROBLEM CONFIG:
service analysis-engine
virtual-sensor IPSVS
description Virtual Sensor
signature-definition sig1
event-action-rules rules1
physical-interface TenGigabitEthernet7/0 subinterface-number 1
physical-interface TenGigabitEthernet7/1 subinterface-number 2
WORKING CONFIG:
service analysis-engine
virtual-sensor IPSVS01
description Virtual Sensor for DMZ
signature-definition sig1
physical-interface TenGigabitEthernet7/0 subinterface-number 1
exit
virtual-sensor IPSVS02
description Virtual Sensor for INSIDE
signature-definition sig0
physical-interface TenGigabitEthernet7/1 subinterface-number 2
I need to know if we can assign the same virtual sensor to two VLAN Pairs. Also, please let me know what is wrong with the first config and why it was not working.
Regards,
Faiz