Hello,
I have a 4270 IPS that hangs off of the 6500 core switch along with a pair
of virtual firewalls that hang off the core switch as well, in which each
customer has its own context FW. We have several customer VLANs off the
6500 which are part of the inside interface of the VFW's. We have a SPAN
setup for the source as the inside VLANs going to destination interface of
the 4270. Within the IPS we have VLAN pairs setup to receive the traffic on
the VLANs and it is working fine. Also we have a virtual sensor setup for
customer vlan traffic.
We are working on upgrading the IPS software and signatures so that it is
up to date and removing the SPAN temp until we have it up to date. As of
now there is only 1 interface from the IPS to the core switch. Are there
any capabilities to port-channel the IPS to the core to increase load
capacity? Right now, checking the interface, I see about 350 Mbps being sent
output to the IPS from the core. With more customers we add in the future, I
would like to port-channel if capable.
Sorry, I am a routing/switching guy and just getting forced into security :)
Any recommendations to get me to the right place are much appreciated.
Received on Tue May 07 2013 - 13:06:09 ART