Types of traffic inspection interfaces for IPS engines

Capture Interfaces and Inline Interfaces on IPS engines pick up traffic for inspection.

IPS engines pick up traffic from the network for inspection. There are two ways to install the IPS engines:
  • In an IDS-like configuration in which the traffic is only captured for inspection.
  • In a full IPS configuration where the IPS engine is installed inline, directly on the traffic path so that traffic must always pass through the IPS engine to reach its destination. Only traffic that attempts to pass through Inline Interfaces can be actively filtered.

Connections picked up through Capture Interfaces can be reset through specially set up Reset Interfaces. To define a Capture Interface, you must define a Reset Interface for it. Capture Interfaces and Inline Interfaces can be defined on the same IPS engine and used simultaneously.

Logical Interface elements allow you to group interfaces together according to network segment and interface type. You can then use the Logical Interface elements as matching criteria when you edit the rules in your IPS policies. There is one predefined Logical Interface element (called default_eth) that can be used in interface configurations. If you want to create both Capture and Inline Interfaces on the same IPS engine, you must add at least one more Logical Interface.
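
The constraints described above can be checked against a planned interface layout before it is configured. This is an added example, not part of the product documentation or tooling: the `Interface` record, the plan format, and every name except `default_eth` are assumptions made for illustration, and an inline pair is modelled as a single entry.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Interface:              # hypothetical record, not a product data structure
    name: str                 # constructed label such as "eth1"
    kind: str                 # "capture" or "inline"
    logical: str              # name of the Logical Interface element
    reset: Optional[str] = None   # Reset Interface paired with a Capture Interface

def lint_engine(interfaces):
    """Return findings for one IPS engine's planned interfaces."""
    findings = []
    for i in interfaces:
        if i.kind not in ("capture", "inline"):
            findings.append(f"{i.name}: unknown interface kind {i.kind!r}")
        elif i.kind == "capture" and not i.reset:
            findings.append(f"{i.name}: Capture Interface without a Reset Interface")
    kinds = {i.kind for i in interfaces}
    logicals = {i.logical for i in interfaces}
    if {"capture", "inline"} <= kinds and len(logicals) < 2:
        findings.append("Capture and Inline Interfaces on one engine need at least "
                        "one Logical Interface besides " + ", ".join(sorted(logicals)))
    return findings

def response_modes(interfaces):
    """Map each interface to the strongest response the page describes for it."""
    modes = {}
    for i in interfaces:
        if i.kind == "inline":
            modes[i.name] = "active filtering"
        elif i.kind == "capture":
            modes[i.name] = "reset via " + i.reset if i.reset else "inspection only"
    return modes

# Constructed sample plans.
BAD_PLAN = [
    Interface("eth1", "capture", "default_eth"),
    Interface("eth2-eth3", "inline", "default_eth"),
]
GOOD_PLAN = [
    Interface("eth1", "capture", "capture_dmz", reset="eth4"),
    Interface("eth2-eth3", "inline", "default_eth"),
]

if __name__ == "__main__":
    for label, plan in (("bad", BAD_PLAN), ("good", GOOD_PLAN)):
        print(label, lint_engine(plan) or "no findings", response_modes(plan))
```

The `response_modes` output makes visible which segments are only inspected or reset and which are actually filtered, which is the distinction to review when deciding where an engine sits on the traffic path.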