Cisco FirePOWER Appliance 8250
FireSIGHT System User Guide
Chapter 7
Setting Up an IPS Device
You can configure your device in either a passive or inline IPS deployment. In a passive deployment, you
deploy the system out of band from the flow of network traffic. In an inline deployment, you configure
the system transparently on a network segment by binding two ports together.
The following sections describe configuring your device for passive and inline deployments of the
FireSIGHT System:
Understanding Passive IPS Deployments
License: Protection
In a passive IPS deployment, the FireSIGHT System monitors traffic flowing across a network using a
switch SPAN or mirror port. The SPAN or mirror port allows for traffic to be copied from other ports on
the switch. This provides the system visibility within the network without being in the flow of network
traffic. When configured in a passive deployment, the system cannot take certain actions such as
blocking or shaping traffic. Passive interfaces receive all traffic unconditionally and no traffic received
on these interfaces is retransmitted.
Configuring Passive Interfaces
License: Protection
You can configure one or more physical ports on a managed device as passive interfaces.
Note that if you edit interfaces and reapply a device policy, Snort restarts for all interface instances on
the device, not just those you edited.
You configure Sourcefire Software for X-Series interfaces as either passive or inline when installing the
Cisco package. You cannot use the FireSIGHT System web interface to reconfigure Sourcefire Software
for X-Series interfaces. For more information, see