It happens that I am currently discussing an
implementation where I have a basic deployment of
Checkpoint Fw-1:

           
                     (Internet)
                          +
                        Router
                          + 
                     Firewall
                          + 
                + - - - - +- - - - -+
                +                   +
(TrustedZone-Switch)          (DMZ-Switch)




There's a firewall interface in every zone, that's in
every switch dedicated to each security zone. Each of
the switches is a Gigabit switch, with servers
connected to them with gigabit NICs. The IDS implementation
involves configuring an IDS Network Sensor in every
zone (Tz, Dmz, Public Zone).

Questions:

1. Mirroring: Is it enough to mirror the Firewall Interface
on the Network Sensor for each zone, or all of the ports in
a given switch? For instance, for the DMZ switch with 10
servers connected to it, should I mirror only the firewall
interface to the DMZ network sensor, or should I mirror all
the 10 ports to it? Obviously, every server has one of
the firewall interfaces as default gateway.

2. What if I set up the network sensor with a 100FullDuplex
interface, is there any great chance the network sensor
drops a huge amount of packets? Has anyone estimated this
loss of capture by the network sensor?

JaimeO.

_______________________________________________
ISSForum mailing list