Cisco Cisco Firepower Management Center 2000 Guía De Instalación
2-4
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 2 Understanding Deployment
Understanding Deployment Scenarios
You can configure one or more access control policies which you can then apply to one or more Cisco
NGIPS for Blue Coat X-Series installations. Each Cisco NGIPS for Blue Coat X-Series can have only
one currently applied policy.
NGIPS for Blue Coat X-Series installations. Each Cisco NGIPS for Blue Coat X-Series can have only
one currently applied policy.
After you configure your deployment, you apply an access control policy to each Cisco NGIPS for Blue
Coat X-Series in the deployment, configuring subordinate intrusion and file policies as appropriate. See
the FireSIGHT System User Guide for more information on how to configure policies, organize rules in a
policy, and manage access control policies within the FireSIGHT System.
Coat X-Series in the deployment, configuring subordinate intrusion and file policies as appropriate. See
the FireSIGHT System User Guide for more information on how to configure policies, organize rules in a
policy, and manage access control policies within the FireSIGHT System.
Understanding Deployment Scenarios
You can use Cisco NGIPS for Blue Coat X-Series in a passive deployment, either as a stand-alone VAP
supporting an external tap, or in a multi-VAP or VAP group deployment supporting an internal tap. For
more information on passive interfaces, see the FireSIGHT System User Guide. For more information on
creating and configuring a VAP, VAP group, management circuits, and sensing circuits, see
supporting an external tap, or in a multi-VAP or VAP group deployment supporting an internal tap. For
more information on passive interfaces, see the FireSIGHT System User Guide. For more information on
creating and configuring a VAP, VAP group, management circuits, and sensing circuits, see
You apply an access control policy to each Cisco NGIPS for Blue Coat X-Series to handle traffic on your
network according to the rules specified in the applied access control policy. For more information on
access control policies, see the see the FireSIGHT System User Guide.
network according to the rules specified in the applied access control policy. For more information on
access control policies, see the see the FireSIGHT System User Guide.
Using a Passive Deployment
Use a passive deployment for intrusion detection to analyze network traffic for potential intrusions and
store attack data for analysis. A passive deployment receives all traffic unconditionally without
retransmitting any traffic.
store attack data for analysis. A passive deployment receives all traffic unconditionally without
retransmitting any traffic.
External Tap in a Passive Deployment
You can deploy Cisco NGIPS for Blue Coat X-Series in passive mode with an external tap to receive a
copy of inline traffic passing through an external device, such as a physical network tap or a switch
configured for port mirroring.
copy of inline traffic passing through an external device, such as a physical network tap or a switch
configured for port mirroring.