Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Antonis
New Contributor

IPS transparent mode

We are setting up a demo at a customer running a FG310B in transparent mode and IPS only configured. The FG is intercepting 3 different networks, not just internet traffic. The problem is that the firewall is still inspecting the traffic and various TCP timers are enforced. Is there any way to completely stop the firewall rather than changing each TCP timer to suit the traffic? Just have an IPS box in transparent mode.
2 REPLIES
doshbass
New Contributor III

That sounds like a scary deployment. Depending on the bandwidth, you really need to apply specific IPS sensors to specific traffic, as identified by firewall rules. If you have an any/any rule with all/all on the IPS sensor, I would not expect particularly good throughput. That said, I think if you try turning asymmetric routing support on, this will basically kill the firewall state inspection and may do what you need.

    config system settings
        set asymroute enable
    end
Still learning to type " the"
abelio
SuperUser

Another approach: if that setup is for a demo and you don't want to affect customer traffic, and just want to log and show what the 310B's capacity is, upgrade the unit to 4.0.2 and configure one single-arm IDS. For that you just have to choose which FTG interface will be the one that sniffs all the traffic, connect it to a hub or a switch SPAN port, and define the new interface-policy associated with it, including all the IPS sensors you want to monitor. Two steps then:
1) enable ips-sniffer-mode for the chosen interface
2) configure the relevant interface-policy, including all the IPS sensors you want to monitor

hope it helps,

regards / Abel
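The two steps from the reply above, written out as a FortiOS 4.0 CLI fragment. This is an added example, not configuration from the original post; the interface name "port3" and the sensor name "all_default" are assumed placeholders, substitute the interface cabled to the hub or SPAN port and the sensor you actually want to run.

```fortios
# Step 1: turn the sniffing interface into a one-arm IDS port
# ("port3" is an assumed placeholder for the interface on the hub/SPAN feed)
config system interface
    edit "port3"
        set ips-sniffer-mode enable
    next
end

# Step 2: bind an IPS sensor to all traffic seen on that interface
# ("all_default" is an assumed placeholder for the sensor you want to monitor)
config firewall interface-policy
    edit 1
        set interface "port3"
        set srcaddr "all"
        set dstaddr "all"
        set service "ANY"
        set ips-sensor-status enable
        set ips-sensor "all_default"
    next
end
```

Because the sniffing interface only receives a copy of the traffic from the hub or SPAN port, this deployment detects and logs but cannot block or alter customer traffic, which is what makes it suitable for a demo.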