Snort IDS Network Topology


I have a network at work, running a domain controller for several workstations and a NAS. All this is behind a Fortigate 100D which has some IPS functionality and is a solid firewall. But I want to implement an IDS as well, such as Snort. I'm decent with Snort, but I'm not sure where in the topology to place Snort. Would it be connected to the router (gateway) in the port where it passes all packets through Snort and back into the router before passing to the rest of the network (forget the name, I may be mistaken)?

I don't need details for my specific network, but how do you generally set up a network with a firewall, managed switch and IDS? Anything Fortigate specific would help, but I really just need a general idea of how a topology works with an IDS.

shenk

Posted 2015-02-25T07:14:06.350


Does your switch support port mirroring?

– heavyd – 2015-02-25T07:57:03.067

In order for an IDPS to analyse information on your entire network, it must be able to "see" the traffic moving across the LAN, which is antithetical to the basic Switch definition. Port Mirroring is a great way to get you insight into everything on the switch (though cheap switches may get overwhelmed and drop mirrored packets), so you either need to trunk mirrored links from each switch up to the switch your IDPS is connected to, or you need a multiport IDPS which can connect to each switch (to a mirrored port) like a sensor. The former is more scalable, the latter more reliable. – Frank Thomas – 2015-02-25T13:24:15.500

We have a 3COM 32 port managed switch, forget the model, and a Fortigate 100D router. I'm sure port mirroring is supported. But my question is, do I mirror every port? Or just mirror a single port on the Fortigate router/firewall to pass traffic to the IDS and back to the gateway before being sent to the destination on the network. Is this correct? If so, what are the options? You mentioned port mirroring; can I mirror a single port on the Fortigate to do this? Is there a better way? Are there any alternative methods? Thanks a bunch – shenk – 2015-03-03T04:25:44.337
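A worked placement for the setup in the question and the port-mirroring comment above, added here as an example and not taken from the thread: the FortiGate's internal hardware switch mirrors the ports carrying the traffic of interest to one spare port, and the Snort host listens on that port with a second NIC that has no IP address, keeping its first NIC for management. The switch name "lan", the port numbers, the NIC names eth0/eth1 and the exact FortiOS SPAN keywords (recalled from FortiOS 5.x) are assumptions to check against your unit's CLI reference.

```console
# --- FortiGate 100D (FortiOS CLI): SPAN on the internal hardware switch ---
# Assumed: "lan" is the internal hardware switch, port1-port3 carry the uplink to
# the 3COM switch plus the DC and NAS, port16 is a free port for the Snort sensor.
# Mirroring a few busy ports to one 1 GbE port can oversubscribe it; if the
# "span-dest-port" drops frames, narrow the source list rather than mirror everything.
config system virtual-switch
    edit "lan"
        set span enable
        set span-source-port "port1" "port2" "port3"
        set span-dest-port "port16"
        set span-direction both
    next
end

# --- Snort sensor (Linux host, two NICs) ---
# eth0: management interface with an IP address (SSH, log shipping)
# eth1: cabled to port16, no IP address, only listens
sudo ip link set dev eth1 up promisc on      # accept frames not addressed to this NIC
sudo ip link set dev eth1 arp off            # never talk on the mirror side
sudo ethtool -K eth1 gro off lro off         # NIC offloads merge packets and break stream reassembly

# Check before trusting the sensor: mirrored frames between OTHER hosts must show up here.
sudo tcpdump -ni eth1 -c 20

# Passive IDS mode on the mirror NIC; alerts land in /var/log/snort by default.
sudo snort -i eth1 -c /etc/snort/snort.conf -A fast -D
```

If the tcpdump check shows only broadcast traffic, the mirror is not reaching eth1; fix the SPAN destination or cabling before tuning Snort rules.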

No answers