Installation guide
McAfee® Network Security Platform 6.0
Determining optimal Sensor location
Figure 2: Determining optimal sensor location - After
The key is to ensure the redundant Sensors will be scanning the same traffic at the same
point in the network. If you were to instead place one Sensor outside the firewall on one
path and the other Sensor inside the firewall on the other path, the outcome is what
developers like to refer to as “undefined.” That is, there is no telling what false positives
and false negatives, and even instability, such a setup might produce.
Redundant Sensors on a single path
Sensor failover is typically straightforward to implement in the more complicated
environments because Network Security Platform was engineered to seamless slip onto
networks with existing, redundant paths. The irony is that introducing a Sensor failover
Pair onto a network with a single path often requires some additional thought:
A pair of Sensors can run in parallel on a network that otherwise has no or little
redundancy. For example, you might “sandwich” a pair of Sensors between a pair of
switches and use STP to control the failover process. The drawback to relying on STP,
however, is that you inherently complicate the Layer 2 infrastructure and STP convergence
typically takes between 12 and 50 seconds; so it's not ideal.
8