[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ISSForum] Network sensor and clustering



Yes, we have.

However, you will run into the following issues

1. You will use the Switches SPAN capability to IDS, the network guys may disconnect you to do switch debugging with sniffers

2. Congestion and packet loss on the SPAN port. You may have to consider a Gigabit SPAN port and a Gigabit IDS sensor.

We solved it by using ethernet  taps on every main Switch interface and drawing traffic down to a dedicated smaller switch, which is connected to the IDS sensor.

Good luck.

>>> "Aubin,Yves" <yves.aubin@xxxxxxxxxxxx> Wednesday 27, October, 2004 16:43:46 >>>
Hi list,

 

We are currently looking at a solution that involves putting our
firewalls 

in cluster with 2 cisco switches, one for each firewall in the cluster
to 

create some load balancing at the same time.

We want to put the switches on a spanning tree and connect the
RealSecure 

Network Sensor on only 1 of those switches.

 

Has anybody ever attempted something like this, is this feasable and if
so 

is there any issues with the sensor!!!

 

Thanks

 

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx 

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum 

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx 

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.



Disclaimer

This e-mail message shall not be construed as legally binding on the Bank for International Settlements (BIS). As internet communications are not secure, the BIS does not accept responsibility for the content of this message.

This message is intended only for the recipient(s) named above. Any unauthorized disclosure, use or dissemination, either in whole or in part, of this message is prohibited. If you have received this message in error, please inform the sender immediately by return e-mail and delete this message and any attachments thereto from your system. 

Thank you for your co-operation.


_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.