Hi,
Is anyone here using IDS/IPS to secure internal LANs (VLANs), for example:
CLIENT VLAN to Server VLAN = IDS Protect Server
CLIENT VLAN1 to Client VLAN2 = IDS Protect Client
I would like to get some experience on whether it works well and makes sense.
We are routing our internal VLANs with the Fortigate.
Regards
Tobi
Hi, that's a good question. We do IDP/IDS between the Client and Server VLANs. I think it depends on your environment. We have an open policy: all notebooks can also be used at home, and any user is able to install stuff. That's why I have enabled IDS and AV between the VLANs. I'm wondering what the community thinks; does it make sense? Best
________________________________________________________
--- NSE 4 ---
________________________________________________________
'correct' is a strong word. No two networks are identical.
Only one thing to ponder:
If you apply IPS to client traffic, load on the FGT will increase, sometimes substantially. But it's effective nonetheless - these days I cut off a client machine using bad, bad proxying (trying to circumvent the firewall??) by applying my default 'no proxy' IPS settings. Just to discover my client had installed a company proxy server, without communicating this.
Segmenting the LAN in VLANs for functional groups (like servers) is a good practice. Securing the server VLAN may just be enough for many installations.