Silence is enforcing the points made in earlier email that IPS devices
skip Intrusion analysis upon very small load on the system. I was
hoping that somebody is going to speak out and prove otherwise.

Actually, this is a 'new' feature for many IPSes. For example, Sourcefire
didn't have it as recently as a year ago (although they do now in a particularly
elegant manner).

The Juniper SRX 5800 IPS we just tested last week did NOT pass packets through
un-inspected at high loads, and I don't believe that the SRX even has that
capability. If the IPS is loaded, the whole system slows down.

http://www.networkworld.com/reviews/2009/022309-juniper-firewall-test.html

I am not totally sure, but I suspect that the IPS-1 (Check Point/NFR) that I
tested last year is the same: when it's burdened, packets slow down, not pass
through.

jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
[email protected] http://www.opus1.com/jms