Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 7: Setting Up an IPS Device
Understanding Inline IPS Deployments
License: Protection
In an inline IPS deployment, you configure the FireSIGHT System transparently on a network segment 
by binding two ports together. This allows the system to be installed in any network environment without 
the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all 
traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped.
Configuring Inline Interfaces
License: Protection
You can configure one or more physical ports on a managed device as inline interfaces. You must assign 
a pair of inline interfaces to an inline set before they can handle traffic in an inline deployment.
Note that if you edit interfaces and reapply a device policy, Snort restarts for all interface instances on 
the device, not just those that you edited. In addition, note that the system warns you if you set the 
interfaces in an inline pair to different speeds or if the interfaces negotiate to different speeds.
You configure Sourcefire Software for X-Series interfaces as either passive or inline when installing the
Cisco package. You cannot use the FireSIGHT System web interface to reconfigure Sourcefire Software
for X-Series interfaces. For more information, see
Note: If you configure an interface as an inline interface, the adjacent port on its NetMod automatically
becomes an inline interface as well to complete the pair.
To configure inline interfaces on a virtual device, you must create the inline pair using adjacent 
interfaces.
To configure an inline interface:
Access: Admin/Network Admin
Step 1
Select Devices > Device Management.
The Device Management page appears.
Step 2
Next to the device where you want to configure the inline interface, click the edit icon.
The Interfaces tab appears.
Step 3
Next to the interface you want to configure as an inline interface, click the edit icon.
The Edit Interface pop-up window appears.
Step 4
Click Inline to display the inline interface options.
Step 5
Optionally, from the Security Zone drop-down list, select an existing security zone or select New to add a new security zone.
Step 6
From the Inline Set drop-down list, select an existing inline set or select New to add a new inline set.
Note that if you add a new inline set, you must configure it on the Device Management page (Devices > Device Management > Inline Sets) after you set up the inline interface. For more information, see