Cisco Cisco Firepower Management Center 4000

Page of 1844
 
7-6
FireSIGHT System User Guide
 
Chapter 7      Setting Up an IPS Device 
  Configuring Inline Sets
Your network may be set up to route traffic between a host on your network and external hosts through 
different inline interface pairs, depending on whether the traffic is inbound or outbound. If you include 
only one interface pair in an inline set, the device may not correctly analyze your network traffic because 
it might see only half of the traffic.
For devices with inline sets, a software bridge is automatically set up to transport packets after the device 
restarts. If the device is restarting, there is no software bridge running anywhere. If you enable bypass 
mode on the inline set, it goes into hardware bypass while the device is restarting. In that case, you may 
lose a few seconds of packets as the system goes down and comes back up, due to renegotiation of link 
with the device. However, the system will pass traffic while Snort is restarting.
Caution
Changes you make to an existing inline set may interrupt traffic on the device. Changing the maximum 
transmission unit (MTU) interrupts traffic on the device; some packets are transmitted without 
inspection and dropped. The range within which you can set the MTU can vary depending on the 
FireSIGHT System device model and interface type. See 
 for more information.
To edit an existing inline set, click the edit icon (
) next to the set.
To add an inline set:
Access: 
Admin/Network Admin
Step 1
Select 
Devices > Device Management
.
The Device Management page appears.
Step 2
Next to the device where you want to add the inline set, click the edit icon (
).
The Interfaces tab appears.
Step 3
Click 
Inline Sets
.
The Inline Sets tab appears.
Step 4
Click 
Add Inline Set
.
The Add Inline Set pop-up window appears.
Step 5
In the 
Name
 field, type a name for the inline set. You can use alphanumeric characters and spaces.
Step 6
You have two options for selecting inline interface pairs to add to the inline set:
  •
Next to 
Interfaces
, select one or more inline interface pairs, then click the add selected icon (
). 
Use Ctrl or Shift to select multiple inline interface pairs.
  •
To add all interface pairs to the inline set, click the add all icon (
).
Tip
To remove inline interfaces from the inline set, select one or more inline interface pairs and click the 
remove selected icon (
). To remove all interface pairs from the inline set, click the remove all icon 
(
). Disabling either interface in a pair from the Interfaces tab also removes the pair.
Step 7
In the 
MTU
 field, type a maximum transmission unit (MTU), which designates the largest size packet 
allowed.
The range within which you can set the MTU can vary depending on the FireSIGHT System device 
model and interface type. See 
 for more information.