Installation guide
Defining Traffic Inspection Interfaces for IPS Engines
Repeat these steps to define any additional Capture Interfaces.
Defining Inline Interfaces
The number of Inline Interfaces you can have is limited by the license in use. One Inline
Interface always comprises two Physical Interfaces, as the traffic is forwarded from one
interface to the other. The allowed traffic passes through as if it were going through a network
cable. The traffic you want to stop is dropped by the IPS engine.
Inline Interfaces (like Capture Interfaces) are associated with a Logical Interface, which is used
in the IPS policies and the traffic inspection process to represent one or more IPS engine
interfaces.
Fail-open network cards have fixed pairs of ports. Take particular care to map these ports
correctly during the initial configuration of the engine. Otherwise, the network cards do not
correctly fail open when the IPS engine is offline. If you use the automatic USB memory stick
configuration method for the engine’s initial configuration, the ports are configured
automatically. See Configuring the Engine Automatically with a USB Stick (page 102) for more
information.
To define an Inline Interface
1. Right-click and select New Physical Interface. The Physical Interface Properties dialog
opens.
2. Select the Interface ID.
3. Select Inline Interface as the Type.
4. (Optional) Change the automatically selected Second Interface ID.
5. Leave Inspect Unspecified VLANs selected if you want the IPS engine to also inspect
traffic from VLANs that are not included in the IPS engine’s interface configuration.
6. If your configuration requires you to change the Logical Interface from Default_Eth, select
the Logical Interface in one of the following ways:
• Select an existing Logical Interface from the list.
• Select Other and browse to another Logical Interface.
• Select New to create a new Logical Interface.
7. Click OK.
Repeat these steps to define any additional Inline Interfaces.
What’s Next?
To define Inline Interfaces, proceed to Defining Inline Interfaces.
To define how an inline IPS engine handles traffic when the traffic load is too high,
proceed to Bypassing Traffic on Overload (page 42).
Otherwise, proceed to Finishing the Engine Configuration (page 42).
What’s Next?
To define how an inline IPS engine handles traffic when the load is too high, proceed to
Bypassing Traffic on Overload (page 42).
Otherwise, proceed to Finishing the Engine Configuration (page 42).