Guidelines for deploying IPS engines and Layer 2 Engines

There are some general deployment guidelines for IPS engines, Layer 2 Engines, and the SD-WAN Manager.

Naturally, there are valid reasons to make exceptions to these general rules depending on the actual network environment.
Table 1. General guidelines for IPS and Layer 2 Engine deployment

| Component | General guidelines |
|---|---|
| Management Server | Position it on a central site where it is physically accessible to the administrators responsible for maintaining its operation. |
| Log Servers | Place Log Servers centrally and locally on sites as needed, based on log data volume and administrative responsibilities. |
| Management Clients | Management Clients can be used from any location that has network access to the Management Server and the Log Servers. |
| IPS engines | Position IPS engines at each location so that traffic in all appropriate networks can be inspected. IPS engines can be clustered; functionally, an IPS Cluster is equal to a single high-performance IPS engine. Cluster deployments set up heartbeat links between the IPS engines, which allow the devices to track each other's operating status and agree on the division of work. |
| Layer 2 Engines | Position Layer 2 Engines at each location so that traffic in all appropriate networks can be inspected. Layer 2 Engines can be clustered for high availability. Only one Layer 2 Engine node in a Layer 2 Engine Cluster is active at a time; if the active node goes offline, another node automatically starts processing traffic. |
| Master Engines | Position Master Engines where Virtual Engines are needed, for example at a hosting location for MSSP services or between networks that require strict isolation. Master Engines can be clustered; a clustered Master Engine provides scalability and high availability. In a Master Engine Cluster, a Virtual Resource is active in one Master Secure SD-WAN Engine at a time. Cluster deployments set up heartbeat links between the engines, which allow the devices to track each other's operating status, agree on the division of work, and exchange information on traffic. |