Add inline interfaces to IPS engines

There are two interfaces in an inline interface. The traffic is forwarded from one interface to the other.

The traffic that the IPS engine allows goes through the inline interface as if it was going through a network cable. The IPS engine drops the traffic you want to stop.

Inline interfaces are associated with a Logical interface element. The Logical interface is used in the IPS policies and the traffic inspection process to represent one or more IPS engine interfaces.

Fail-open network cards have fixed pairs of ports. Make sure to map these ports correctly during the initial configuration of the engine. Otherwise, the network cards do not correctly fail open when the IPS engine is offline. If you use the automatic USB memory stick configuration method for the engine’s initial configuration, the ports are configured automatically.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the IPS engine and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, browse to Interfaces.
  3. Right-click the empty space and select New Physical Interface.
  4. From the Interface ID drop-down list, select an ID number.
  5. From the Type drop-down list, select Inline Interface.
  6. (Optional) From the Second Interface ID drop-down list, change the automatically selected interface ID.
  7. If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
    • Select an existing Logical Interface element from the list.
    • Click Select and browse to another Logical Interface element.
    • Click New to create a Logical Interface element, then click OK.
  8. If you want the IPS engine to inspect traffic from VLANs that are not included in the IPS engine’s interface configuration, leave Inspect Unspecified VLANs selected.
  9. If you want the IPS engine to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
  10. Click OK.
  11. Click Save.

Next steps

Continue the configuration in one of the following ways:
  • Define how the IPS engine handles traffic when the traffic load is too high using the Bypass Traffic on Overload setting.
  • Bind engine licenses to IPS elements.