IPS deployment in IPS mode
In an inline IPS configuration, the IPS engines are installed directly in the traffic path.
Fail-open network cards are recommended to allow traffic flow when the IPS engines are offline.
CAUTION:
Always use standard cabling methods with an inline IPS engine. Use crossover cables to connect the appliance to hosts and straight cables to connect the appliance to switches.
Figure: Single inline IPS engine
Figure: Serial IPS Cluster
The same node handles the packets within a connection.
Figure: Redundant single inline IPS engines alongside a Firewall Cluster
IPS engines are connected alongside each individual Firewall engine. The IPS engines have the same policy, but they are not clustered.
Note: In this deployment scenario, the Medium-Security Inspection Policy must be used on the IPS engines.