McAfee IIP-S41K-NA-100I Product Guide - Page 16


McAfee® IntruShield® IPS 4.1
Before you install
IntruShield Sensor 4000 Product Guide
Network topology considerations
Default number of supported UDP Flows: 100,000
Supported UDP Flows: 750,000
DoS Profiles: 5000
SYN rate (64-byte packets per second): 1,000,000
ACL Rules (refer to note below): 1000

Computing the number of ACL rules utilized per sensor

You can calculate the number of ACL rules utilized per sensor by adding all the rules configured at the sensor level, port level, and sub-interface level.

Example: Computing ACL rules utilized per sensor

On an I-4010 sensor, if you configure 8 rules at the sensor level, 20 rules on port pair 2A-2B, and 10 rules on the sub-interface of 4A-4B, you would have utilized 38 out of the 1000 limit.

You can also calculate the number of ACL rules utilized by adding the number of rules displayed under the Effective ACL Rules tab at the sensor level, each port level, and each sub-interface level.

Computing the number of ACL rules utilized during port clustering

When port clustering (interface grouping) is used and port-level ACL rules are configured, the number of ACL rules utilized (for each port-cluster-level ACL) differs based on the participant port types of the cluster. One ACL rule is consumed for each inline port-pair member, and one ACL rule is consumed for each SPAN port member of the port cluster.

Examples: Computing the effective ACL rule utilization for each port-level ACL rule defined for a port cluster

Port cluster 1: If your port cluster consists of 1A-1B (inline, fail-open), 2B (SPAN), and 4A-4B (inline, fail-close), 3 ACL rules will be consumed for each ACL rule configured at the port level.

Port cluster 2: If your port cluster consists of 1A (SPAN), 4A (SPAN), 5A (SPAN), 6A-6B (inline, fail-close), 4 ACL rules will be consumed for each ACL rule configured at the port level.
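
The two counting rules above can be combined into a capacity check before ACLs are pushed to a sensor. The following is an added example, not part of the product guide or any McAfee tool; the function names, the port-name pattern, and the choice to add cluster consumption into the per-sensor total are assumptions.

```python
import re

ACL_LIMIT = 1000  # per-sensor ACL rule limit from the table on this page

# Port names as written on this page: "2B" (single port) or "1A-1B" (port pair).
# The pattern is inferred from those names and is an assumption.
_MEMBER = re.compile(r"^\d+[AB](-\d+[AB])?$")


def cluster_multiplier(members):
    """Rules consumed per port-level rule on a cluster: one for each inline
    port-pair member plus one for each SPAN port member."""
    for name in members:
        if not _MEMBER.match(name):
            raise ValueError(f"unrecognised port or port pair: {name!r}")
    return len(members)


def acl_rules_used(sensor_rules=0, port_rules=None, subif_rules=None, clusters=None):
    """Total ACL rules consumed on one sensor.

    port_rules, subif_rules: {port or pair name: configured rule count}
    clusters: list of (member names, rules configured on the cluster)
    Adding cluster consumption into the per-sensor total is an assumption.
    """
    total = sensor_rules
    total += sum((port_rules or {}).values())
    total += sum((subif_rules or {}).values())
    for members, rules in clusters or []:
        total += cluster_multiplier(members) * rules
    return total


def check_limit(used, limit=ACL_LIMIT):
    """Summarise utilisation against the per-sensor limit."""
    return {"used": used, "remaining": limit - used, "over_limit": used > limit}


if __name__ == "__main__":
    # The page's per-sensor example: 8 + 20 + 10 = 38 of 1000.
    print(check_limit(acl_rules_used(8, {"2A-2B": 20}, {"4A-4B": 10})))
    # Constructed case: 250 rules on port cluster 2 consume 4 x 250 = 1000,
    # so with 8 sensor-level rules only 258 configured rules exceed the limit.
    cluster2 = ["1A", "4A", "5A", "6A-6B"]
    print(check_limit(acl_rules_used(sensor_rules=8, clusters=[(cluster2, 250)])))
```

The constructed second case shows why the configured rule count alone is not a safe guide once port clusters are in use.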

Network topology considerations

Deployment of an IntruShield IPS requires basic knowledge of your network to help determine the level of configuration and the number of installed sensors and ISMs required to protect your network.

The IntruShield sensor is purpose-built for the monitoring of traffic across one or more network segments. For more information on the network topology