HPE Community
Comware Based
1830898 Members
1994 Online
110017 Solutions
New Discussion

IPS inline with switch 5500G

 
paxvor
Occasional Advisor

‎11-09-2009 04:00 AM

‎11-09-2009 04:00 AM

IPS inline with switch 5500G



Hi all ..

I have one IPS tipping point and a switch 5500G.

I have vlan already in the switch. How do I configure the switch so traffic to my vlan will be filterd by IPS that's connected to the same switch ?



- paxvor -



0 Kudos
8 REPLIES 8
Fred_Mancen_1
Super Advisor

‎11-09-2009 06:01 AM

‎11-09-2009 06:01 AM

Re: IPS inline with switch 5500G

Hi.



I suppose that you already have security zones configured in the IPS, so you need to connect the IPS to the switch in a port that belongs to the same VLAN as the security zone defined in the IPS port which is connected to the switch. The IPS will filter just the traffic that is routed among different network segments; the local traffic (same network segment) is not filtered by the IPS.



HTH

Regards,
Fred Mancen
0 Kudos
paxvor
Occasional Advisor

‎11-09-2009 11:11 PM

‎11-09-2009 11:11 PM

Re: IPS inline with switch 5500G

thanks for reply



i have security zone in IPS already, which is default any to any. I try to use the IPS between PC, success.

so now i have vlan 2 in my switch. I want to have IPS to filter traffic from other vlan and other subnet to vlan2. so i put the port A of IPS to port vlan2 in switch. to which port and which vlan must i put the port B of IPS ?



- paxvor -



0 Kudos
Fred_Mancen_1
Super Advisor

‎11-10-2009 07:17 AM

‎11-10-2009 07:17 AM

Re: IPS inline with switch 5500G

Usually the administrator need to create the required security zones, ad DMZ, LAN (internal), WAN (external), VPN, and so on. When you connect the IPS to the switch, you need to connect it to a port on the internal network (LAN), that you already did. The second port of the IPS you need to connect to another security zone, or another segment also, if you need to filter the traffic between these two segments. You will create and connect the IPS ports to the switch according your traffic filter needs.



So, you must create another security zone associated to another segment you want to filter and then connect the IPS to a port with this segment assigned to it. But remember that this is a scenario specifical to this topology you've mentioned; an IPS just filter the traffic that pass through the common security zones. Usually the traffic in the LAN is filtered by another devices positioned among each layer on your network (between distribution and core, for example).



HTH.

Regards,
Fred Mancen
0 Kudos
paxvor
Occasional Advisor

‎11-10-2009 10:24 PM

‎11-10-2009 10:24 PM

Re: IPS inline with switch 5500G

I've tried again to create another security zone, and assign the port IPS to zone. but somehow its not working when i put the IPS to switch.



Do I need to add some more configuration to the swith? e.g to tell traffic which destination to vlan 2, will be directed via port connected to IPS.





- paxvor -









0 Kudos
Fred_Mancen_1
Super Advisor

‎11-12-2009 06:01 AM

‎11-12-2009 06:01 AM

Re: IPS inline with switch 5500G

Hi Paxvor.



What is the IPS device you are using? I will try to find something the configuration guide in order to help you.



Regards



Regards,
Fred Mancen
0 Kudos
paxvor
Occasional Advisor

‎11-12-2009 08:59 PM

‎11-12-2009 08:59 PM

Re: IPS inline with switch 5500G

Hi Fred ..



I really appreciate for staying with me.

My IPS is Tipping Point 100 E, my switch is 3com 5500G-EI.

Now I setup any - any in virtual port just to be sure.





- paxvor -

0 Kudos
Fred_Mancen_1
Super Advisor

‎11-13-2009 06:29 AM

‎11-13-2009 06:29 AM

Re: IPS inline with switch 5500G

Paxvor, download this guide:



http://rapidshare.com/files/306405427/techd82-lsmusersguide_v251.pdf.html



Go to page 28, Security Profiles. I think it helps you to solve your problem. This version is not up-to-date, but it can helps. I don't have too much experience with IPS, just something with X-506...I'm learning with you.



Regars.

Regards,
Fred Mancen
0 Kudos
paxvor
Occasional Advisor

‎11-16-2009 09:47 PM

‎11-16-2009 09:47 PM

Re: IPS inline with switch 5500G

Thanks for the link, fred

I guess its tweaking time again .. :)

I'll let you know if I have a progress



- paxvor -



0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.