Antonis
Visitor III
April 14, 2009
Question

IPS transparent mode

We are setting up a demo at a customer running a FG310B in transparent mode with IPS only configured. The FG is intercepting 3 different networks, not just internet traffic. The problem is that the firewall is still inspecting the traffic and various TCP timers are enforced. Is there any way to completely stop the firewall rather than changing each TCP timer to suit the traffic? Just have an IPS box in transparent mode.


    doshbass
    New Member
    April 14, 2009
    That sounds like a scary deployment. Depending on the bandwidth, you really need to apply specific IPS sensors to specific traffic, as identified by firewall rules. If you have an any/any rule with all/all on the IPS sensor, I would not expect particularly good throughput. That said, I think if you try turning asymmetrical routing support on, this will basically kill the firewall state inspection and may do what you need.

    conf sys settings
        set asymroute enable
    end
    abelio
    SuperUser
    April 14, 2009
    Another approach: if that setup is for a demo and you don't want to affect customer traffic and just log and show the 310B's capacity, upgrade the unit to 4.0.2 and configure one single-arm IDS; for that you just have to choose which FTG interface will be the one that sniffs all the traffic, connect it to one hub or span port switch, and define the new interface-policy associated with it. Include inside all the IPS sensors you want to monitor. Two steps then: 1) enable ips-sniffer-mode for the chosen interface, 2) configure the relevant interface-policy, including inside all the IPS sensors you want to monitor. Hope it helps,
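The two steps from the reply above written out as FortiOS CLI, as an added example that is not part of abelio's post: the interface name "port3" and the sensor name "all_default" are assumptions, so substitute the interface connected to the SPAN/hub port and whichever IPS sensor the demo should apply.

```fortios
# Step 1: put the sniffing interface into one-arm IDS mode.
# In this mode the interface only receives mirrored traffic and never
# forwards it, so the firewall session table and TCP timers do not apply.
config system interface
    edit "port3"
        set ips-sniffer-mode enable
    next
end

# Step 2: attach an interface-policy to that interface and enable the
# IPS sensor(s) to run over everything it sees ("all"/"ALL" match any
# source, destination and service in the sniffed traffic).
config firewall interface-policy
    edit 1
        set interface "port3"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set ips-sensor-status enable
        set ips-sensor "all_default"
    next
end
```

Because a sniffer-mode interface only observes mirrored traffic, the IPS can log detections without the unit ever being inline for the customer's three networks.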