Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 7
Setting Up an IPS Device
You can configure your device in either a passive or inline IPS deployment. In a passive deployment, you 
deploy the system out of band from the flow of network traffic. In an inline deployment, you configure 
the system transparently on a network segment by binding two ports together.
The following sections describe configuring your device for passive and inline deployments of the 
FireSIGHT System.
Understanding Passive IPS Deployments
License: Protection
In a passive IPS deployment, the FireSIGHT System monitors traffic flowing across a network using a 
switch SPAN or mirror port. The SPAN or mirror port allows for traffic to be copied from other ports on 
the switch. This provides the system visibility within the network without being in the flow of network 
traffic. When configured in a passive deployment, the system cannot take certain actions such as 
blocking or shaping traffic. Passive interfaces receive all traffic unconditionally and no traffic received 
on these interfaces is retransmitted.
Configuring Passive Interfaces
License: Protection
You can configure one or more physical ports on a managed device as passive interfaces.
Note that if you edit interfaces and reapply a device policy, Snort restarts for all interface instances on 
the device, not just those you edited.
You configure Sourcefire Software for X-Series interfaces as either passive or inline when installing the 
Cisco package. You cannot use the FireSIGHT System web interface to reconfigure Sourcefire Software 
for X-Series interfaces. For more information, see