Just curious to know how others are handling the physical install of Inline IDP devices. We are looking to move our Proventia G to inline mode as it wasn't installed this way originally.
I was told that it "acts just like a cable" and would not be a problem in passing traffic in the event of a power failure on the device. That's not exactly true. With no power it passes traffic "like a cable", but when power is present the IDP establishes link-state with the 2 switches it's connected to. When power is lost, so is link-state with the switches, which can invoke a spanning-tree change. This is what happened during our test.

It's too bad that the device is not truly "passive" from a link-state perspective so that it would allow the switches to "see" each other through the IDP, but it is what it is. So my suggestion to our network team is to look at options such as "uplinkfast" or "backbonefast" since they are using Cisco switches. I suppose they could use "portfast" on the IDP ports, but I have always frowned on "portfast" (which disables Spanning-Tree learning mode) on anything but end user ports.

What are other people doing?

Regards,
Chris Norris CISSP
American Modern Insurance Companies
Sr. Security Engineer
IS Risk and Security Management
_______________________________________________
ISSForum mailing list
