User guide
Appliance Adapter Modes
17
Proventia Network IPS G and GX Appliance User Guide
Appliance Adapter Modes
Introduction The inline appliances include three adapter modes as follows:
● inline protection
● inline simulation
● passive monitoring
You selected one of these operation modes when you configured the appliance settings.
Using the Proventia Configuration menu, if you like, you can use the default operation
mode and select a different one later.
Adapter modes
Inline Protection
This mode allows you to fully integrate the appliance into the network infrastructure. In
addition to the block and quarantine responses, all firewall rules are enabled, and the full
security policy you apply to the appliance is enabled.
Inline Simulation
This mode allows you to monitor the network using the appliance without affecting traffic
patterns. In addition to the traditional Block response, the appliance also uses the
Quarantine response. Packets are not dropped when these responses are invoked, and the
appliance does not reset TCP connections by default. This mode is helpful for baselining
and testing your security policy without affecting network traffic.
Passive Monitoring
This mode replicates traditional passive intrusion detection system (IDS) functionality,
monitoring network traffic without sitting inline. It mainly responds to intrusions with a
traditional block response. If the appliance encounters suspicious network activity, it
sends a reset to block a TCP connection. This mode is helpful for determining what type of
inline protection your network requires.
Changing appliance
adapter modes
If you change between the passive monitoring mode and the inline simulation or inline
protection mode, you must also change the network connections to your appliance. An
appliance operating in passive monitoring mode requires a connection to a tap, hub, or
SPAN port.
If you change the appliance adapter mode from inline simulation to inline protection, you
may need to modify some advanced parameters to set them appropriately for inline
protection. See “Editing network adapter card properties” on page 125 for more
information.