Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
558
Views
0
Helpful
2
Replies

Dual Routers, How many sensors

akah0mer
Level 1
Level 1

‎04-17-2002 03:46 AM - edited ‎03-08-2019 10:21 PM

If I have a primary and backup router on the edge of my network, will I need 2 sensors in the event that the router with the management link goes down?

or

Can one sensor switch routes (for management) in the event of the primary link going down?

Thanks

Labels:
0 Helpful
2 Replies 2

stleary
Cisco Employee
Cisco Employee

‎04-18-2002 02:25 PM

Here is some information that may help you decide, and then

a follow up question...

A sensor can be configured to control more than one router. If one of

the routers is offline, that should not affect the performance of the sensor.

Suppose one of the routers goes offline, and the other router immediately

goes online. The sensor will take 0 - 75 seconds to establish

communications with the online router, so there will be a window where

blocking will not be applied. But once communications is established,

any oustanding blocks will be applied. Of course, if both routers had been

online, and one goes offline, then there would be no delay because blocks

would have been applied to both routers all along.

The followup question is, will this work for you, or do you think it would be

useful to be able to configure the sensor to automatically and

immediately switch to a backup router if the primary router goes offline?

0 Helpful

marcabal
Cisco Employee
Cisco Employee

‎04-19-2002 12:28 PM

This answer differs slightly depending on whether you are talking about the monitoring interface or the command and control interface.

Monitoring Interface:

If both the Routers are connected to the same hub or switch then the sniffing interface would be receiving packets from the hub or switch (via span) regardless of which router is in use. So only a single sensor would be needed.

If, however, the routers are connected to different switches then in most cases you would need 2 sensors (one for each switch).

Command and Control Interface:

IS the sensor commicating to CSPM or Unix Director through the routers? If not (i.e. CSPM or Unix DIrector are on same net as sensor command and control) then the switching of the routers won't make a difference on communicating with CSPM or Unix Director.

If the sensor is communicating with CSPM or Unix DIrector through the router then it becomes a question of how the backup was implemented. If the routers are sharing a common ip address so all machines can set that ip address as the default route then the sensor won't care which router is active.

If, however, the routers have different ips and all machines have to know about both routers then you get a strange situation. There may be away to setup a second route within the sensor to accomplish this.

The easiest way to determine this is to find out how the other machines are configured that are using the routers to route their traffic.

As for having the sensor manage the routers, then that is easy because one sensor can manage both routers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents