Installation guide

Chapter 2 Planning the Installation
Switch SPAN Ports
A Switched Port Analyzer (SPAN) port is used for capturing network traffic to a defined port on a switch. This is also known as port mirroring. The capturing is done passively, so it does not interfere with the traffic.
An IPS engine's or Layer 2 Firewall's Capture Interface can be connected directly to a SPAN port of a switch. All the traffic to be monitored must be copied to this SPAN port.
Network TAPs
A Test Access Port (TAP) is a passive device located on the network wire between network devices. The capturing is done passively, so it does not interfere with the traffic. With a network TAP, the two directions of the network traffic are divided onto separate wires. For this reason, the IPS engine needs two Capture Interfaces for a network TAP: one Capture Interface for each direction of the traffic. The two related Capture Interfaces must have the same Logical Interface, which combines the traffic of these two interfaces for inspection. You could also use the pair of Capture Interfaces to monitor traffic in two separate network devices.
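The following added example (not part of the original guide or the product's own code) illustrates why the two Capture Interfaces attached to a TAP must share one Logical Interface: each wire carries only one direction, and a TCP handshake can only be recognised once the two streams are merged in time order. The frames and addresses are constructed sample data, and the function names are the example's own.

```python
import heapq
from collections import defaultdict
from typing import List, Tuple

# A frame as seen on one Capture Interface: (timestamp, src, dst, tcp_flags).
Frame = Tuple[float, str, str, str]

# Constructed sample data: one TCP handshake split by a TAP onto two wires.
# Wire A carries client -> server, wire B carries server -> client.
WIRE_A: List[Frame] = [
    (0.000, "10.0.0.5", "10.0.0.9", "SYN"),
    (0.002, "10.0.0.5", "10.0.0.9", "ACK"),
    (0.003, "10.0.0.5", "10.0.0.9", "PSH"),
]
WIRE_B: List[Frame] = [
    (0.001, "10.0.0.9", "10.0.0.5", "SYN-ACK"),
    (0.004, "10.0.0.9", "10.0.0.5", "ACK"),
]


def flow_key(frame: Frame) -> Tuple[str, str]:
    """Direction-independent key so both halves of a conversation map to one flow."""
    _, src, dst, _ = frame
    return tuple(sorted((src, dst)))


def logical_interface(*capture_interfaces: List[Frame]) -> List[Frame]:
    """Merge the per-direction streams into one time-ordered stream, which is
    what the shared Logical Interface does for the two Capture Interfaces."""
    return list(heapq.merge(*capture_interfaces, key=lambda f: f[0]))


def flows(stream: List[Frame]) -> dict:
    """Group frames by flow, preserving the merged order: {flow_key: [flags, ...]}."""
    result = defaultdict(list)
    for frame in stream:
        result[flow_key(frame)].append(frame[3])
    return dict(result)


def handshake_complete(flags: List[str]) -> bool:
    """True only if SYN, SYN-ACK and ACK were all seen, in that order."""
    seen = [f for f in flags if f in ("SYN", "SYN-ACK", "ACK")]
    return seen[:3] == ["SYN", "SYN-ACK", "ACK"]


if __name__ == "__main__":
    key = ("10.0.0.5", "10.0.0.9")
    print("one wire only :", handshake_complete(flows(WIRE_A)[key]))
    print("logical iface :", handshake_complete(flows(logical_interface(WIRE_A, WIRE_B))[key]))
```

Inspecting either wire alone never sees a complete handshake; only the merged Logical Interface stream does.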
Cabling Guidelines
Follow standard cabling practice with inline IPS engines and Layer 2 Firewalls:
Use straight cables to connect the Layer 2 Firewalls and IPS engines to switches.
Use crossover cables to connect the Layer 2 Firewalls and IPS engines to hosts (such as routers or Firewalls).
Also, make sure the copper cables are correctly rated (CAT 5e or CAT 6 in gigabit networks).
Cabling for Master Engines that host Virtual IPS engines or Virtual Layer 2 Firewalls follows the same principles as the cabling for inline IPS engines and Layer 2 Firewalls.
Illustration 2.1 Correct Cable Types for Single IPS Engines
Note – Fail-open network interface cards support Auto-MDIX, so both crossover and straight cables may work when the IPS engine is online. However, only the correct type of cable allows traffic to flow when the IPS engine is offline and the fail-open network interface card is in bypass state. It is recommended to test the IPS deployment in offline state to make sure that the correct cables are used.