I'm interested to know something about where people are putting their intrusion rules now on their firewalls. On Firepower it's fairly simple: you just apply an intrusion policy to a rule. Usually you just apply it to internet-facing traffic, right? So stuff going to the internet, and anything from the internet back to your servers, has an intrusion policy rule configured (IPS). But I'm now wondering: what about datacenter traffic? So say you have 2 firewalls, one that sits between users and the internet, and a separate firewall that sits in the datacenter, which connects back to your core network. Are you applying IPS rules on this datacenter firewall, and if so, where (as in, to specific servers, or how are you configuring the rule)?
Note: This is just me understanding design considerations for IPS locations.