SRX


Does it make sense to have IDP monitor both from and to the Internet

  • 1.  Does it make sense to have IDP monitor both from and to the Internet

    Posted 06-27-2017 19:37

    I have a security policy - from-zone Internet to-zone Internal application idp

     

    Does it make sense to also have a policy - from-zone Internal to-zone Internet?



  • 2.  RE: Does it make sense to have IDP monitor both from and to the Internet
    Best Answer

     
    Posted 06-27-2017 23:31

    Hi badgerdata,

     

    I am afraid there is no right or wrong answer to this question. It is the general practice to have IDP inspect traffic coming from untrusted sources, since the chances of malicious traffic in that direction are greater. Having said that, you can apply IDP in other directions as well, but do keep in mind that IDP is a CPU-intensive process. The more traffic you parse through IDP, the more CPU it will consume. So base your decision on the amount of traffic you have, the amount of detection you want, and the hardware you are running.

     

    Regards,

    Anand

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....