Symantec 10268947 User Guide - Page 32

About detection on the 7100 Series, About interface grouping, About in-line monitoring mode



32 Architecture

About management and detection architecture

The appliance provides all the functionality of a Network Security software
node, with additional capabilities in the areas of detection, response, and
management.
This section describes the following topics:
■ About detection on the 7100 Series
■ About response on the 7100 Series

About detection on the 7100 Series

In addition to the detection facilities of Symantec Network Security software,
the 7100 Series appliance provides a new detection feature called interface
grouping.

About interface grouping

Interface grouping, also called port clustering, enables up to four monitoring
interfaces to be grouped together as a single logical interface. This is especially
useful in asymmetrically routed environments, where incoming traffic is seen
on one interface and outbound traffic passes through another. Grouping the
interfaces into one logical interface with a single sensor allows state to be
maintained during the session, making it possible to detect attacks.
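
The effect of grouping on session state can be shown with a small simulation. This is an added example, not Symantec code: the interface names, addresses, signature string and the simplified handshake tracker are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample traffic: one TCP session routed asymmetrically.
# Interface names, addresses and the signature string are hypothetical.
Pkt = namedtuple("Pkt", "iface src dst flags payload")
C, S = ("10.0.0.5", 40000), ("192.0.2.10", 80)
PACKETS = [
    Pkt("mon0", C, S, "S", b""),    # client -> server, seen on mon0
    Pkt("mon1", S, C, "SA", b""),   # server -> client, seen on mon1
    Pkt("mon0", C, S, "A", b""),
    Pkt("mon0", C, S, "PA", b"GET /bad-pattern HTTP/1.0\r\n\r\n"),
]
SIGNATURE = b"bad-pattern"

class Sensor:
    """Minimal stateful sensor: inspects payload only on sessions whose
    three-way handshake it has observed in both directions."""
    def __init__(self):
        self.state = {}   # flow key -> (handshake state, client endpoint)
        self.alerts = []

    def process(self, p):
        key = frozenset((p.src, p.dst))   # direction-independent flow key
        st = self.state.get(key)
        if p.flags == "S":
            self.state[key] = ("SYN", p.src)
        elif p.flags == "SA" and st and st[0] == "SYN" and st[1] == p.dst:
            self.state[key] = ("SYN_ACK", st[1])
        elif p.flags == "A" and st and st[0] == "SYN_ACK" and st[1] == p.src:
            self.state[key] = ("ESTABLISHED", st[1])
        elif st and st[0] == "ESTABLISHED" and SIGNATURE in p.payload:
            self.alerts.append((p.src, p.dst))

def run_ungrouped(packets):
    """One independent sensor per monitoring interface."""
    sensors = {}
    for p in packets:
        sensors.setdefault(p.iface, Sensor()).process(p)
    return {iface: s.alerts for iface, s in sensors.items()}

def run_grouped(packets):
    """All interfaces feed a single logical sensor."""
    sensor = Sensor()
    for p in packets:
        sensor.process(p)
    return sensor.alerts
```

Run over the same packets, the per-interface sensors never see a complete handshake and raise nothing, while the grouped sensor reaches the established state and matches the payload.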

About response on the 7100 Series

An important new 7100 Series response capability is provided by the addition of
in-line monitoring mode.

About in-line monitoring mode

In-line monitoring mode places the full capabilities of the Symantec Network
Security 7100 Series directly into the network path, enabling you to detect and
block malicious traffic before it enters your network. With an active sensor
monitoring traffic on an in-line interface pair, all packets are examined in real
time so that you can prevent intrusions from reaching their targets. By
comparison, passive mode supplies monitoring, alerting, and response
capabilities, while in-line mode provides all these plus proactive intrusion
prevention.

About blocking or alerting mode

In-line mode protection policies are configurable so that you can choose to block
and alert on designated events. You can easily switch between blocking and
alerting in the Network Security console.