Just curious to know how others are handling the physical install of Inline
IDP devices. We are looking to move our Proventia G to inline mode as it
wasn't installed this way originally.
I was told that in "acts just like a cable" and would not be a problem in
passing traffic in the event of a power failure on the device. That's not
exactly true. With no power it passes traffic "like a cable" but when power
is present the IDP establishes link-state with the 2 switches it's
connected to. When power is lost so is link-state with the switches which
can invoke a spanning-tree change.
This is what happened during our test. It's too bad that the device is not
truly "passive" from a link-state perspective so that it would allow the
switches to "see" each other through the IDP, but it is what it is.
So my suggestion to our network team is to look at options such as
"uplinkfast" or "backbonefast" since they are using Cisco switches. I
suppose they could use "portfast" on the IDP ports but I have always
frowned on "portfast" (which disables Spanning-Tree learning mode) on
anything but end user ports.
What are other people doing?
Regards,
Chris Norris CISSP
American Modern Insurance Companies
Sr. Security Engineer
IS Risk and Security Management
_______________________________________________
ISSForum mailing list
ISSForum@iss.net
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@iss.net
The ISSForum mailing list is hosted and managed by Internet Security Systems,
6303 Barfield Road, Atlanta, Georgia, USA 30328.
