Cisco FirePOWER Appliance 8360
FireSIGHT System User Guide
Chapter 7 Setting Up an IPS Device
Configuring Inline Sets
Your network may be set up to route traffic between a host on your network and external hosts through
different inline interface pairs, depending on whether the traffic is inbound or outbound. If you include
only one interface pair in an inline set, the device may not correctly analyze your network traffic because
it might see only half of the traffic.
For devices with inline sets, a software bridge is automatically set up to transport packets after the device
restarts. If the device is restarting, there is no software bridge running anywhere. If you enable bypass
mode on the inline set, it goes into hardware bypass while the device is restarting. In that case, you may
lose a few seconds of packets as the system goes down and comes back up, due to renegotiation of link
with the device. However, the system will pass traffic while Snort is restarting.
Caution
Changes you make to an existing inline set may interrupt traffic on the device. Changing the maximum
transmission unit (MTU) interrupts traffic on the device; some packets are transmitted without
inspection and dropped. The range within which you can set the MTU can vary depending on the
FireSIGHT System device model and interface type. See
for more information.
To edit an existing inline set, click the edit icon next to the set.
To add an inline set:
Access: Admin/Network Admin
Step 1 Select Devices > Device Management.
The Device Management page appears.
Step 2 Next to the device where you want to add the inline set, click the edit icon.
The Interfaces tab appears.
Step 3 Click Inline Sets.
The Inline Sets tab appears.
Step 4 Click Add Inline Set.
The Add Inline Set pop-up window appears.
Step 5 In the Name field, type a name for the inline set. You can use alphanumeric characters and spaces.
Step 6 You have two options for selecting inline interface pairs to add to the inline set:
• Next to Interfaces, select one or more inline interface pairs, then click the add selected icon. Use Ctrl or Shift to select multiple inline interface pairs.
• To add all interface pairs to the inline set, click the add all icon.
Tip
To remove inline interfaces from the inline set, select one or more inline interface pairs and click the remove selected icon. To remove all interface pairs from the inline set, click the remove all icon. Disabling either interface in a pair from the Interfaces tab also removes the pair.
Step 7 In the MTU field, type a maximum transmission unit (MTU), which designates the largest size packet allowed.
The range within which you can set the MTU can vary depending on the FireSIGHT System device model and interface type. See
for more information.