This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS question...

Hi all,

I'm using an UTM 9.006-5 only for "WEB PROTECTION",no packet filter or routing.
So I didn't configure the Masquerading or any other kind of NAT.

Then I enabled also the Intrusion Prevention specifying all the networks involved but
I can't see any kind of activity on the IPS logs.

So is it possible to use the IPS when the UTM is not forwarding the traffic?

Thanks for your answers...

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 12 years ago

Typically traffic must be passing through the UTM for the IPS to detect activity. I haven't tried this, but you might be able to setup a mirror port on your core switch and connect it to a free port on the UTM, and somehow make that work, but I wouldn't recommend it.

You can set the UTM in bridge mode and have it inspect inbound / outbound internet traffic transparently (at layer 2), that's what we recommend / do for customers that use a different perimeter firewall in front of the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 12 years ago

Typically traffic must be passing through the UTM for the IPS to detect activity. I haven't tried this, but you might be able to setup a mirror port on your core switch and connect it to a free port on the UTM, and somehow make that work, but I wouldn't recommend it.

You can set the UTM in bridge mode and have it inspect inbound / outbound internet traffic transparently (at layer 2), that's what we recommend / do for customers that use a different perimeter firewall in front of the UTM.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data