IPS deployment in IPS mode
In an inline IPS configuration, the IPS engines are installed directly in the traffic path.
Fail-open network cards are recommended to allow traffic flow when the IPS engines are offline.
CAUTION:
Always use standard cabling methods with an inline IPS engine. Use crossover cables to connect the appliance to hosts and straight cables to connect the appliance to switches.
Figure: Single inline IPS engine
![](GUID-E761D6D0-FDD3-474C-AFEF-6D409400FDAA.png)
Figure: Serial IPS Cluster
![](GUID-7B0937BF-8E3A-41FE-88EF-5224E56DDDF0.png)
The same node handles the packets within a connection.
Figure: Redundant single inline IPS engines alongside a Firewall Cluster
![](GUID-8717E292-515E-4730-9D5E-66CACEC914C0.png)
IPS engines are connected alongside each individual Firewall engine. The IPS engines have the same policy, but they are not clustered.
Note: In this deployment scenario, the Medium-Security Inspection Policy must be used on the IPS engines.