Thanks for the feedback Jay, I will look into it.
On Tue, May 7, 2013 at 1:25 PM, Jay McMickle <jay.mcmickle_at_yahoo.com> wrote:
> Absolutely. Inline interface pairs.
>
> Regards,
> Jay McMickle CCIEx2 #35355 (R/S,Sec)
> Sent from my iPhone
>
> On May 7, 2013, at 12:06 PM, Johnny Morris <johnnymorris01_at_gmail.com>
> wrote:
>
> > Hello,
> >
> > I have an 4270 IPS that hangs off of the 6500 core switch along with a
> pair
> > of Virtual firewall that hang off the core switch as well, in which each
> > customer has its own context FW. We have several customer VLANs off the
> > 6500 which are part of the inside interface of the VFW's. We have a SPAN
> > setup for the source as the inside VLANs going to destination interface
> of
> > the 4270. Within the IPS we have VLAN pairs setup to receive the traffic
> on
> > the VLANs and it is working fine. Also we have a virtual sensor setup for
> > customer vlan traffic.
> >
> > We are working on upgrading the IPS software and signatures so that it is
> > up to date and removing the SPAN temp until we have it up to date. As of
> > now there is only 1 interface from the IPS to the core switch. Are there
> > any capabilities to port-channel the IPS to the core to increase load
> > capacity? Right now checking interface i see about 350 Mbps being sent
> > output to the IPS from the core, With more customers we add in the
> future I
> > would like to port-channel if capable.
> >
> > Sorry, I am a routing/switching guy and just getting forced into
> security :
> > )
> >
> > Any recommendations to get me to the right place is much appreciated.
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Tue May 07 2013 - 20:29:57 ART
This archive was generated by hypermail 2.2.0 : Mon Jun 03 2013 - 06:34:34 ART