EasyManua.ls Logo

Source fire Sourcefire 3D System - Passive Interfaces; Inline Interfaces

Default Icon
280 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Version 5.2 Sourcefire 3D System Installation Guide 29
Understanding Deployment
Understanding Interfaces
Chapter 2
also have routed, switched, and hybrid interfaces. See the following sections for
more information:
Passive Interfaces on page 29
Inline Interfaces on page 29
Switched Interfaces on page 30
Routed Interfaces on page 31
Hybrid Interfaces on page 32
Passive Interfaces
LICENSE: Any
S
UPPORTED DEVICES: Any
You can configure a passive IPS deployment to monitor traffic flowing across a
network using a switch SPAN, virtual switch, or mirror port, allowing traffic to be
copied from other ports on the switch. Passive interfaces allow you to inspect
traffic within the network without being in the flow of network traffic. When
configured in a passive deployment, the system cannot take certain actions such
as blocking or shaping traffic. Passive interfaces receive all traffic unconditionally
and do not retransmit received traffic.
You can configure one or more physical ports on a managed device as passive
interfaces. For more information, see
Connecting Devices to Your Network on
page 32.
Inline Interfaces
LICENSE: Any
S
UPPORTED DEVICES: Any
You configure an inline IPS deployment transparently on a network segment by
binding two ports together. Inline interfaces allow you to install a device in any
network configuration without the configuration of adjacent network devices.
Inline interfaces receive all traffic unconditionally, then retransmit all traffic
received on these interfaces except traffic explicitly dropped.
You can configure one or more physical ports on a managed device as inline
interfaces. You must assign a pair of inline interfaces to an inline set before they
can handle traffic in an inline deployment.
IMPORTANT! If you configure an interface as an inline interface, the adjacent port
on its NetMod automatically becomes an inline interface as well to complete the
pair.
Configurable bypass inline sets allow you to select how your traffic is handled if
your hardware fails completely (for example, the device loses power). You may
determine that connectivity is critical on one network segment, and, on another

Table of Contents