Re: IDS 4215, right place for a sniffing interface (DMZ or LAN)

[Gary Halleen <ghalleen () cisco com>]

It doesn't matter which interface is used for sensing and which for
monitoring as long as you use one for each.

Gary



On 4/4/07 7:48 PM, "zillah" <forwardtruth () yahoo com> wrote:

> > The first thing you need to do is upgrade your sensor to version 5.1 or
> > 6.0.
> > You have 4.1 software, which is no longer supported.  If you have
> > maintenance on your sensor, the upgrade is no charge.  If you do not have
> > maintenance (called Services for IPS), then you'll need to take care of
> > that
> > first.
> Thanks Gary, yes I am aware of that.
>
>
>
>
> > The 4215 sensor has only two interfaces, and you need one for command and
> > control.  This is the interface that you'll assign an IP address to and
> > use
> > for management purposes.
> Yes you are right .
> According to the specification in the table 5-2 (under IDS 4125, same as
> mine) from the link that I have posted for IDS 4125 , FastEthernet  0/1
> should be for sensing purposes,,,,,,,,,,my case since I am looking to
> monitor a traffic in the DMZ area, I should use Etherent 1 (not 0) for
> monitoring (sensing) , right now Ethernet 0 (not 1) was used, and I guess
> this is wrong ,,,,,,here was my query ?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------