Robert Clemens
1 Nickel

RE: converging multiple external source vlan access ports through IPS to another vlan on switch (pictures help explain)

Daniel,

Thanks for the reply. It is a Dell SecureWorks IPS, the IPS is just inline of any data and the interfaces aren't configured for anything. I haven't followed up with them to see if it is configurable on each interface.

The two ISP are used for both redundancy and different connectivity groups.

The IPS is sitting between the uplink devices and the external ports of the firewall devices. It is checking traffic on the external zone before it even hits our firewalls. The traffic is the same on both sides just "sanitized". So if your public IP is 1.1.1.10/30, then that subnet is passed through the IPS to the "sanitized" side.

The configuration posted works and has for some time. Every so often I have had an issue with one ISP getting ARP information from the wrong devices and we had some "flapping" of a connection.

Maybe it would be easier to see if the IPS could have another couple of NICs to have inline of another similar setup so they could all be vlan'd independently. If they can watch two inline paths on a device that may be the easiest solution.

0 Kudos