Comware Based

IPS inline with switch 5500G

paxvor
Occasional Advisor

IPS inline with switch 5500G



Hi all ..

I have one IPS tipping point and a switch 5500G.

I have a VLAN already in the switch. How do I configure the switch so traffic to my VLAN will be filtered by the IPS that's connected to the same switch?



- paxvor -



8 REPLIES
Fred_Mancen_1
Super Advisor

Re: IPS inline with switch 5500G

Hi.



I suppose that you already have security zones configured in the IPS, so you need to connect the IPS to the switch in a port that belongs to the same VLAN as the security zone defined in the IPS port which is connected to the switch. The IPS will filter just the traffic that is routed among different network segments; the local traffic (same network segment) is not filtered by the IPS.



HTH

paxvor
Occasional Advisor

Re: IPS inline with switch 5500G

Thanks for the reply.



I have a security zone in the IPS already, which is the default any-to-any. I tried using the IPS between PCs, with success.

So now I have VLAN 2 in my switch. I want the IPS to filter traffic from other VLANs and other subnets to VLAN 2, so I put port A of the IPS into a VLAN 2 port on the switch. Into which port and which VLAN must I put port B of the IPS?



- paxvor -



Fred_Mancen_1
Super Advisor

Re: IPS inline with switch 5500G

Usually the administrator needs to create the required security zones, such as DMZ, LAN (internal), WAN (external), VPN, and so on. When you connect the IPS to the switch, you need to connect it to a port on the internal network (LAN), which you already did. You need to connect the second port of the IPS to another security zone, or another segment, if you need to filter the traffic between these two segments. You will create and connect the IPS ports to the switch according to your traffic filter needs.



So, you must create another security zone associated with another segment you want to filter and then connect the IPS to a port with this segment assigned to it. But remember that this is a scenario specific to the topology you've mentioned; an IPS just filters the traffic that passes through the common security zones. Usually the traffic in the LAN is filtered by other devices positioned between the layers of your network (between distribution and core, for example).



HTH.
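One way to make the topology Fred describes concrete, as an added example that is not from this thread and not from 3Com or TippingPoint documentation: the IPS is a transparent bridge, so the usual trick is to take VLAN 2's gateway address off Vlan-interface 2 and put it on a new VLAN that only the IPS's second port belongs to, so every packet between VLAN 2 and the rest of the network has to cross the IPS. Assumed here: VLAN 3 as the new VLAN, GigabitEthernet1/0/23 and 1/0/24 as the IPS ports, 192.168.2.1 as the VLAN 2 gateway; the command syntax is Comware 3 as found on the 5500G, written from memory, so check it against the switch's own `?` help.

```text
# Assumed starting point (constructed): VLAN 2 = 192.168.2.0/24, gateway
# 192.168.2.1 on Vlan-interface 2, hosts on access ports in VLAN 2.
# Goal: all traffic between VLAN 2 and other VLANs/subnets passes the IPS.
# Traffic inside VLAN 2 (host to host) is not inspected, as Fred notes above.
#
#   VLAN 2 hosts --- [switch, VLAN 2] --- IPS port A
#                                           | (transparent bridge, no IP)
#   other VLANs  --- [switch, VLAN 3] --- IPS port B
#                      Vlan-interface 3 = 192.168.2.1 (the moved gateway)

system-view

# 1. New VLAN that will hold only the IPS's "network side" port.
vlan 3
 description VLAN2-IPS-outside
 quit

# 2. Move the gateway: delete the VLAN 2 SVI and recreate it on VLAN 3.
undo interface Vlan-interface 2
interface Vlan-interface 3
 ip address 192.168.2.1 255.255.255.0
 quit

# 3. IPS port A (security zone facing the hosts) in VLAN 2 (assumed 1/0/23).
interface GigabitEthernet1/0/23
 port link-type access
 port access vlan 2
 quit

# 4. IPS port B (security zone facing the network) in VLAN 3 (assumed 1/0/24).
interface GigabitEthernet1/0/24
 port link-type access
 port access vlan 3
 quit

# Checks once cabled:
#   display vlan 2   - only the host ports and 1/0/23 should be members
#   display vlan 3   - only 1/0/24 should be a member, plus the SVI
#   display arp      - VLAN 2 hosts' MACs should now be learned on VLAN 3
# If VLAN 2 hosts lose their gateway, the IPS is not bridging (zone
# assignment, or the IPS has dropped the link) rather than a switch problem.
# Make sure no other link joins VLAN 2 and VLAN 3; otherwise the IPS closes
# a loop and spanning tree will block one of its ports.
```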

paxvor
Occasional Advisor

Re: IPS inline with switch 5500G

I've tried again to create another security zone and assign the IPS port to the zone, but somehow it's not working when I put the IPS on the switch.



Do I need to add some more configuration to the switch? E.g. to tell it that traffic whose destination is VLAN 2 will be directed via the port connected to the IPS.



- paxvor -

Fred_Mancen_1
Super Advisor

Re: IPS inline with switch 5500G

Hi Paxvor.



What is the IPS device you are using? I will try to find something in the configuration guide in order to help you.



Regards



paxvor
Occasional Advisor

Re: IPS inline with switch 5500G

Hi Fred ..



I really appreciate you staying with me.

My IPS is Tipping Point 100 E, my switch is 3com 5500G-EI.

Now I set up any-any on the virtual port just to be sure.

- paxvor -

Fred_Mancen_1
Super Advisor

Re: IPS inline with switch 5500G

Paxvor, download this guide:



http://rapidshare.com/files/306405427/techd82-lsmusersguide_v251.pdf.html



Go to page 28, Security Profiles. I think it will help you solve your problem. This version is not up-to-date, but it can help. I don't have too much experience with IPS, just something with the X-506... I'm learning with you.



Regards.

paxvor
Occasional Advisor

Re: IPS inline with switch 5500G

Thanks for the link, Fred.

I guess it's tweaking time again .. :)

I'll let you know if I make any progress.



- paxvor -