IPS deployment in IPS mode
In an inline IPS configuration, the IPS engines are installed directly in the traffic path.
Fail-open network cards are recommended to allow traffic flow when the IPS engines are offline.
CAUTION:
Always use standard cabling methods with an inline IPS engine. Use crossover cables to connect the appliance to hosts and straight cables to connect the appliance to switches.
The same node handles the packets within a connection.
IPS engines are connected alongside each individual Firewall engine. The IPS engines have the same policy, but they are not clustered.
Note: In this deployment scenario, the Medium-Security Inspection Policy must be used on the IPS engines.