Employee
fmemon
Posts: 16
Registered: 06-17-2010
0

Re: Question about Snort on RSP

Hi LouisP,

 

The way the RSP package is now, it can't be used in that manner. This request has come in before and we are looking into making something that would work for that type of deployment.

 

Thanks,

Faisal

Fry
SpinIT
Posts: 4
Registered: 11-09-2011
0

Question about Snort on RSP

Question for anyone who's tried the RSP Snort package:

 

As per the documentation, it is monitoring traffic to/from the LAN/WAN, and is installed on the WAN-side of the RiOS.  Can the package be used to sniff the LAN via a SPAN/monitor port on a switch connected to the AUX on the Steelhead?

 

What I'm thinking is we have Cascade Sensor-VE RSPs on most of our sites, and I'd like to leverage the Snort RSP for IDS/IPS on the local LAN.  Since the Sensor-VE is reading the core switch SPAN port, if I can make the Snort package use that port for the LAN interface, I should be able to monitor all LAN traffic (not just traffic destined for the WAN), correct?

 

Thanks for any advice/info anyone can give me.

 

 

LouisP
