This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS NetworkSelection question

Hello,

In the IPS part of the web admin I am able to select the networks i want to be protectedby the IPS engine.

At the moment i have 3 networks
LAN
DMZ
Project

Specific LAN machines have access to various services in the DMZ. Namely HTTPS, HTTP, IMAP and SMTP.

The IPS is currently activated on all three networks however I feel it might be more efficient for me to activate it on only the DMZ and Project networks as they have public facing servers.

This might be a very fundamental question however I feel it's important for me to get clarification:

Does the IPS engine only scan incoming packets to the specified networks or does it scan both incoming and outgoing packets?

For example, if i enabled the IPS on:
*DMZ Network
*Project Network

Would the IPS detect an attack going from: DMZ ---> LAN?

If I only enable the IPS engine for the DMZ and Project will that then stop dangerous packets picked up by the rule set from entering the LAN network?

I hope I've made my query as understandable as possible [:)].

I appreciate any insight.

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

OK.

FWIW,
a. a faster CPU and good (Intel/Broadcom) NICs are the path to higher IPS throughput
b. 9.2 has some improvements to the IPS which may help with throughput
c. Tuning the rulesets to match your environement, and specifying your servers under IPS->Advanced helps a little

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

OK.

FWIW,
a. a faster CPU and good (Intel/Broadcom) NICs are the path to higher IPS throughput
b. 9.2 has some improvements to the IPS which may help with throughput
c. Tuning the rulesets to match your environement, and specifying your servers under IPS->Advanced helps a little

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data