Inline Mode Configuration – Cisco IPS-Only Deployment in Inline Mode
Inline Mode Configuration
In the following sections, you configure an inline set and then deploy the interface settings to a threat defense. The configuration example also includes the fault-tolerance features that can help you avoid downtime in case of a failure.
Figure 6-5 provides an overview of the lab topology that is used in this chapter. The configuration examples and the command outputs in this chapter are based on this topology.
Figure 6-5 Lab Topology Used in the Configuration Examples in This Chapter
Fulfilling Prerequisites
This chapter assumes that you have completed the exercises in the previous chapters and have taken care of the following items at this point:
- In the access control policy, enable logging on the access control rule and on the default action (illustrated in Figure 4-13 and Figure 4-14). This allows you to see events for any connections that go through the threat defense in IPS-only mode.
- This book primarily uses a virtual threat defense to demonstrate configuration steps. However, depending on the threat defense platform you run, you may come across different types of interfaces and model-specific options. For example, if you are running threat defense model 1010, you will find an Ethernet type interface with built-in switch ports (as opposed to the GigabitEthernet type interface on the virtual threat defense). For the interfaces that will participate in an inline set, disable the access mode switch ports (illustrated in Figure 4-5).
- On the virtual environment, enable promiscuous mode on all the connected virtual ports of the virtual switch (illustrated in Figure 2-7). This allows the virtual switch to see any frames that pass through the threat defense virtual appliance.
- Finally, if you plan to enable the hardware bypass feature, read the official hardware installation guide to determine whether your threat defense model and its network module support this feature. The hardware bypass functionality of Secure Firewall ensures continuity of traffic flow between an inline interface pair in case of any unplanned failure. You will find the feature very helpful if your threat defense experiences any software reboot, hardware crash, or even a power outage.