Hi
I was just wondering if its possible to have the IDS on Astaro monitor the mirror port on switches, to catch attacks that are behind the firewall on the internal network.
It's possible that this would work: If you have 2 spare NICs, you can try creating create a bridge in Astaro on those NICs, and plug one of them into the mirror port, and leave the other unplugged or, if it won't work, plug it into another unused switch.
Make sure the IPS has the LAN network in it's "Internal Networks" setting.
Note that the IPS uses a lot of CPU and RAM, so you'll need to keep an eye on the hardware graphs and overall performance.
Also, it wouldn't be able to block anything; only log/alert.
