Message Image

Skip main navigation (Press Enter).

SRX

View Only

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

IPS on the core SRX

Jump to Best Answer

Harut03-20-2019 23:19

Hi, Is it good practice to enable IPS on the core SRX to inspect internal traffic? Please mention ...

spuluka03-21-2019 03:05Best Answer

Defense in depth is always a good idea. The limitations are the capacity of the specific model to handle ...

1. IPS on the core SRX

0 Recommend
Harut
Posted 03-20-2019 23:19

Reply Reply Privately
Hi,

Is it good practice to enable IPS on the core SRX to inspect internal traffic?

Please mention bad impacts to normal traffic.

On the edge SRX IPS is enabled.

Thanks
2. RE: IPS on the core SRX
Best Answer

1 Recommend
spuluka
Posted 03-21-2019 03:05

Reply Reply Privately
Defense in depth is always a good idea. The limitations are the capacity of the specific model to handle the size of the traffic inspected if it is an existing system.

On the data sheet for you model you can see the size of IDP inspection that can be generally done. You then compare this to the amount of traffic on the policies you want to enable inspection to see if the device can handle the load or not. Be sure to understand both peak traffic and your general growth curve.

Powered by Higher Logic