
Design Network IDS. Where to put IDSs?

a.manso
Level 1

I have a client with PIX 525 firewalls in their network. The firewalls have:

- Interface Inside to the inside network

- Interface Outside to the outside network (internet, routers, etc...)

- Interface DMZ1 to the DMZ network (Public servers)

- Interface Management to the Management network (CiscoWorks, syslog, etc...)

There are two firewalls, an active firewall and a failover firewall with stateful failover.

I want to improve the security with network IDS, and I have thought of installing two 4215s in the outside and DMZ1 networks.

What do you think?

Is that a good place to put the IDSs?

Throughput of the Network IDS 4215 = 80 Mbps

What is the problem if the traffic is 100 Mbps?

Thanks

1 Reply

tohuang
Level 1

Hi,

For the traffic from the internet to your servers, the packet will hit the outside interface of the PIX first. I'd suggest you put the sensing interface of the sensor on Interface Outside to monitor the traffic coming from outside to your network, and put the management interface under Interface Management so that the management application can communicate with the sensor more easily. And of course, the PIX is the blocking device in this topology.

Thanks

Tony
