Cisco FirePOWER Appliance 8130
FireSIGHT System User Guide
Chapter 7 Setting Up an IPS Device
Understanding Inline IPS Deployments
License: Protection
In an inline IPS deployment, you configure the FireSIGHT System transparently on a network segment
by binding two ports together. This allows the system to be installed in any network environment without
the configuration of adjacent network devices. Inline interfaces receive all traffic unconditionally, but all
traffic received on these interfaces is retransmitted out of an inline set unless explicitly dropped.
Configuring Inline Interfaces
License: Protection
You can configure one or more physical ports on a managed device as inline interfaces. You must assign
a pair of inline interfaces to an inline set before they can handle traffic in an inline deployment.
Note that if you edit interfaces and reapply a device policy, Snort restarts for all interface instances on
the device, not just those that you edited. In addition, note that the system warns you if you set the
interfaces in an inline pair to different speeds or if the interfaces negotiate to different speeds.
You configure Sourcefire Software for X-Series interfaces as either passive or inline when installing the
Cisco package. You cannot use the FireSIGHT System web interface to reconfigure Sourcefire Software
for X-Series interfaces. For more information, see
Note
If you configure an interface as an inline interface, the adjacent port on its NetMod automatically
becomes an inline interface as well to complete the pair.
To configure inline interfaces on a virtual device, you must create the inline pair using adjacent
interfaces.
To configure an inline interface:
Access: Admin/Network Admin
Step 1 Select Devices > Device Management.
The Device Management page appears.
Step 2 Next to the device where you want to configure the inline interface, click the edit icon.
The Interfaces tab appears.
Step 3 Next to the interface you want to configure as an inline interface, click the edit icon.
The Edit Interface pop-up window appears.
Step 4 Click Inline to display the inline interface options.
Step 5 Optionally, from the Security Zone drop-down list, select an existing security zone or select New to add a new security zone.
Step 6 From the Inline Set drop-down list, select an existing inline set or select New to add a new inline set.
Note that if you add a new inline set, you must configure it on the Device Management page (Devices > Device Management > Inline Sets) after you set up the inline interface. For more information, see