McAfee IIP-S14C-NA-100I Product Guide - Page 15

Network topology considerations, Effective ACL Rules



McAfee® IntruShield® IPS 4.1
IntruShield Sensor 1400 Product Guide
Before you install
Network topology considerations

Type     Maximum DoS Profiles   Maximum SYN rate (64-byte packets per second)   Maximum ACL Rules (refer to note below)
I-1400   120                    64,000                                          100
Computing the number of ACL rules utilized per sensor

You can calculate the number of ACL rules being utilized per sensor by adding all the rules configured at the sensor level, port level, and sub-interface level.

Example: Computing ACL rules utilized per sensor

On an I-4010 sensor, if you configure 8 rules at the sensor level, 20 rules on port pair 2A-2B, and 10 rules on the sub-interface of 4A-4B, you would have utilized 38 out of the 1000 limit.

You can also calculate the number of ACL rules utilized by adding the number of rules displayed under the Effective ACL Rules tab at the sensor level, each port level, and each sub-interface level.
Computing the number of ACL rules utilized during port clustering

When port clustering (interface grouping) is used and port-level ACL rules are configured, the number of ACL rules utilized (for each port-cluster-level ACL) differs based on the participant port types of the cluster. One ACL rule is consumed for each inline port-pair member, and one ACL rule is consumed for each SPAN port member of the port cluster.

Examples: Computing the effective ACL rule utilization for each port-level ACL rule defined for a port cluster

Port cluster 1: If your port cluster consists of 1A-1B (inline, fail-open), 2B (SPAN), and 4A-4B (inline, fail-close), 3 ACL rules will be consumed for each ACL rule configured at the port level.

Port cluster 2: If your port cluster consists of 1A (SPAN), 4A (SPAN), 5A (SPAN), and 6A-6B (inline, fail-close), 4 ACL rules will be consumed for each ACL rule configured at the port level.
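A capacity check that applies the counting rules above before a configuration is pushed, as an added example rather than anything from the guide; the model names and limits (I-1400: 100, I-4010: 1000) and the two cluster examples come from this page, while the class and field names and the oversubscribed I-1400 case are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List
# ACL rule limits quoted on this page (I-1400: 100, I-4010: 1000).
ACL_RULE_LIMITS = {"I-1400": 100, "I-4010": 1000}

@dataclass
class PortCluster:
    # Port cluster (interface group); member types are "inline" (pair) or "span".
    name: str
    members: List[str]
    rules: int  # port-level ACL rules configured on the cluster

    def __post_init__(self) -> None:
        bad = [m for m in self.members if m not in ("inline", "span")]
        if bad:
            raise ValueError(f"{self.name}: unknown member type(s) {bad}")

    def multiplier(self) -> int:
        # One rule is consumed per inline port-pair member and per SPAN port member.
        return len(self.members)

    def consumed(self) -> int:
        return self.rules * self.multiplier()

@dataclass
class SensorAclConfig:
    model: str
    sensor_rules: int = 0
    port_rules: Dict[str, int] = field(default_factory=dict)  # non-clustered ports
    subinterface_rules: Dict[str, int] = field(default_factory=dict)
    clusters: List[PortCluster] = field(default_factory=list)

    def utilized(self) -> int:
        # Sum sensor-, port- and sub-interface-level rules; clustered port-level
        # rules count once per cluster member, as the guide describes.
        return (self.sensor_rules + sum(self.port_rules.values())
                + sum(self.subinterface_rules.values())
                + sum(c.consumed() for c in self.clusters))

    def within_limit(self) -> bool:
        return self.utilized() <= ACL_RULE_LIMITS[self.model]
# The page's I-4010 example: 8 sensor-level, 20 on 2A-2B, 10 on the 4A-4B sub-interface.
PAGE_EXAMPLE = SensorAclConfig("I-4010", 8, {"2A-2B": 20}, {"4A-4B": 10})
# The page's two clusters: (inline, SPAN, inline) and (SPAN, SPAN, SPAN, inline).
CLUSTER_1 = PortCluster("1A-1B,2B,4A-4B", ["inline", "span", "inline"], rules=1)
CLUSTER_2 = PortCluster("1A,4A,5A,6A-6B", ["span", "span", "span", "inline"], rules=1)
# Constructed I-1400 case: 30 port-level rules on cluster 2 consume 120, over the 100 limit.
OVERSUBSCRIBED = SensorAclConfig("I-1400", 5, clusters=[
    PortCluster("1A,4A,5A,6A-6B", ["span", "span", "span", "inline"], rules=30)])
```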
Network topology considerations

Deployment of an IntruShield IPS requires basic knowledge of your network to help determine the level of configuration and amount of installed sensors and ISMs required to protect your network.

The IntruShield sensor is purpose-built for the monitoring of traffic across one or more network segments. For more information on the network topology considerations for IntruShield deployment, see Pre-deployment considerations, Planning and Deployment Guide.