Nortel 2050 Installation Manual page 19

TPS 3D Sensor and Defense Center

Nortel TPS 3D Sensor and Defense Center Installation Guide

The number of detection engines per sensor is limited by the number of detection
resources that are available. Most 3D Sensor models have at least three detection
resources available and can support at least three detection engines: one for IPS,
one for RNA, and the third for RUA.

RNA and RUA detection engines are limited to a single detection resource per
detection engine.

An interface set refers to a grouping of one or more sensing interfaces on a
sensor, although a sensing interface can belong to only one interface set at a
time. The Nortel 3D System supports three types of interface sets, but the
interface options available to you depend on the type of sensor and the
capabilities of its sensing interfaces.

Interface Set Types

| Type | Description |
|---|---|
| Passive | Use a passive interface set if you deployed the sensor out of band from the flow of network traffic. |
| Inline | Use an inline interface set if you deployed the sensor inline on your network and the sensing interfaces do not support automatic fail-open capabilities. Note that you can use any two of the non-fail-open interfaces on the sensor's network interface cards as part of an inline interface set. |
| Inline with Fail Open | Use an inline with fail open interface set if you deployed the sensor inline on your network and the sensing interfaces do support automatic fail-open capabilities. Note that you must use paired fail-open interfaces on the sensor's network interface cards for an inline with fail open interface set. |

The traditional scenario for deploying 3D Sensors across your network
infrastructure calls for installing a different sensor in each location where you want
to enforce a security policy. In other words, you may want to install one 3D Sensor
in the DMZ and others on each internal network segment. If you have a network
segment with hosts that are likely to be targets of specialized attacks (for
example, a web host farm), you would deploy another 3D Sensor there.

Multiple IPS detection engines on a single 3D Sensor can provide you with more
flexibility in deploying 3D Sensors throughout your network. A detection engine is
like a virtual sensor within a sensor. When you create a detection engine on a 3D
Sensor, you specify which of the sensor's sensing interfaces it uses and what
portion of the sensor's detection resources it can use. You can then create and
apply an intrusion policy that is tuned especially for the network attacks that are
likely to be seen on the segment of the network that the detection engine
monitors. See the "Using Detection Engines and Interface Sets" chapter in the
Nortel TPS 3D System User Guide for more information about creating and using
detection engines.
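
The following planning check is an added example, not part of the Nortel guide or the product. It tests a planned sensor layout against the constraints stated above: one interface set per interface, the interface requirements of each set type, a single detection resource for RNA and RUA engines, and the sensor's total detection resources. The data model, field names, interface names, the reference from an engine to an interface set, and the reading that an inline set needs at least two interfaces are assumptions.

```python
from collections import Counter

# Constructed sample; every name, field and count here is hypothetical.
SENSOR = {
    "detection_resources": 3,
    # interface -> fail-open pair id (None: no automatic fail-open support)
    "interfaces": {"eth1": "A", "eth2": "A", "eth3": None, "eth4": None},
}
PLAN = {
    "interface_sets": {
        "dmz": {"type": "inline_fail_open", "interfaces": ["eth1", "eth2"]},
        "lan": {"type": "passive", "interfaces": ["eth3"]},
    },
    "engines": [
        {"name": "ips-dmz", "kind": "IPS", "resources": 1, "set": "dmz"},
        {"name": "rna-lan", "kind": "RNA", "resources": 1, "set": "lan"},
        {"name": "rua-lan", "kind": "RUA", "resources": 1, "set": "lan"},
    ],
}

def validate(sensor, plan):
    """Return the list of constraint violations found in a planned layout."""
    errors = []
    ifaces, sets = sensor["interfaces"], plan["interface_sets"]
    # A sensing interface can belong to only one interface set at a time.
    use = Counter(i for s in sets.values() for i in s["interfaces"])
    errors += [f"{i}: member of {n} interface sets" for i, n in use.items() if n > 1]
    for name, s in sets.items():
        if any(i not in ifaces for i in s["interfaces"]):
            errors.append(f"{name}: unknown interface")
            continue
        pairs = Counter(ifaces[i] for i in s["interfaces"])
        if s["type"] == "inline" and (len(s["interfaces"]) < 2 or set(pairs) != {None}):
            errors.append(f"{name}: inline needs two non-fail-open interfaces")
        # Both members of every fail-open pair must be in the set.
        if s["type"] == "inline_fail_open" and (
                None in pairs or not pairs or any(n != 2 for n in pairs.values())):
            errors.append(f"{name}: inline with fail open needs paired fail-open interfaces")
    for e in plan["engines"]:
        if e["set"] not in sets:
            errors.append(f"{e['name']}: unknown interface set {e['set']}")
        # RNA and RUA engines are limited to a single detection resource.
        if e["resources"] < 1 or (e["kind"] in ("RNA", "RUA") and e["resources"] != 1):
            errors.append(f"{e['name']}: invalid resource count {e['resources']}")
    total = sum(e["resources"] for e in plan["engines"])
    if total > sensor["detection_resources"]:
        errors.append(f"engines need {total} resources, sensor has {sensor['detection_resources']}")
    return errors

if __name__ == "__main__":
    print(validate(SENSOR, PLAN) or "plan is consistent")
```
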

Chapter 1: Before you begin
Release 4.7.0, page 19


This manual is also suitable for: 2070, 2150, 2170
