IPS deployment in IPS mode

In an inline IPS configuration, the IPS engines are installed directly in the traffic path.

Fail-open network cards are recommended to allow traffic flow when the IPS engines are offline.

CAUTION:
Always use standard cabling methods with an inline IPS engine. Use crossover cables to connect the appliance to hosts and straight cables to connect the appliance to switches.

Figure: Single inline IPS engine



Figure: Serial IPS Cluster



The same node handles the packets within a connection.

Figure: Redundant single inline IPS engines alongside a Firewall Cluster



IPS engines are connected alongside each individual Firewall engine. The IPS engines have the same policy, but they are not clustered.

Note: In this deployment scenario, the Medium-Security Inspection Policy must be used on the IPS engines.