If the IPS unit has a physical bypass function, which in effect joins the
INT and EXT ports together, then port negotiation is of upmost importance.
Autosense should work fine in most scenarios, but the important thing is
that you test the IPS in both inline and bypass modes to ensure traffic is
not disrupted. Extend these checks a little further by making sure STP
operation and any link-state protocols aren't broken by doing this either.
The most fun you'll have is with different manufacturer's GBICs. There can
be a world of difference between hard coded 1000FDX and auto-sensed 1000FDX.
Sounds the same, but it's not. Trust me... :)
Regards,
Tim
----- Original Message -----
From: <ferg@furg.net>
To: <focus-ids@securityfocus.com>
Sent: Wednesday, September 14, 2005 8:21 AM
Subject: Auto-sensing for IPS devices
Hi there,
In a typical enterprise IPS deployment would it be normal to leave
auto-sensing on the IPS and on the switches it was connected to, especially
in 10/100/1000, or would it be wiser to set both ends to a particular speed?
I have heard there may be issues with CRC errors etc.
Thanks...
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
