SRX

Expand all | Collapse all

Firewall Vs IPS

Jump to Best Answer
  • 1.  Firewall Vs IPS

    Posted 07-06-2017 09:53

    when implementing both devices in the network :

    1- Should the IPS exist before or after the firewall ???

    2- Should i stop some features in the firewall like screen options as the IPS can perform it .

    3- If yes what other features that should be off in the firewall ?



  • 2.  RE: Firewall Vs IPS
    Best Answer

     
    Posted 07-06-2017 20:06

    Hi AhmedMohamed,

     

    Please find answers inline:

     

    when implementing both devices in the network :

    1- Should the IPS exist before or after the firewall ???

     

    -- It should be after. The reason being you dont want the IPS to be processing each and every packet through the device. IPS should be enabled only in the policies where you suspect malicious traffic to come in through

     

    2- Should i stop some features in the firewall like screen options as the IPS can perform it .

     

    -- Screens and IPS perform very different functions. Screens can be either statistics based or signature based but irrespective of how you deploy them, screens will only inspect and action until Layer 4 and not beyond that. 

     

    3- If yes what other features that should be off in the firewall ?

     

    -- you might want to consider disabling other features if you are seeing a hit to the performance of the FW. So this question really depends on the amount of traffic you inspect through IDP. 

     

    Regards,

    Anand

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too