I have an SSG-140 that I have been running for months. As part of a network upgrade, I am required to install an IPS device (Nitro 1225) and I'm having some trouble with the IPS device returning false positives. After some discussion with the IPS support guys, it's because of how it's connected to my network. I need some help figuring out how to get an SSG-140 configured.
Below is direct from the install documentation of the IPS:
"You must locate the IPS device between the trusted and untrusted sides of your network. The trusted side of your network is the side of your network you wish to protect, whereas the untrusted side is the side you intend to leave unprotected. For example, you could locate your IPS between your firewall (untrusted side) and your switch (trusted side). Because network configurations vary greatly, your selection of location depends on your individual security requirements and network environment."
Here is how I have it connected to my network (I didn't set this up, I came into the network with it being configured...):
ISP connection is coming from a demarc extension to my switch -> from switch to port 0/2 on SSG-140 -> from port 0/0 on SSG-140 to the "untrusted" port on my IPS -> from the "trusted" port on my IPS to port on switch.
Here are the interfaces on my SSG-140:
NAME - IP - ZONE - TYPE
ethernet0/0 - 192.168.100.1/24 - Trust - Layer3 (local subnet)
ethernet0/1 - 192.168.200.1/24 - Trust - Layer3 (subnet for phones)
ethernet0/2 - 66.232.69.66/28 - Untrust - Layer3 (Public/ISP)
ethernet0/3 - 192.168.101.1/24 - Trust - Layer3 (branch office subnet)
ethernet0/4 - 0.0.0.0/0 - Null - Unused
ethernet0/5 - 0.0.0.0/0 - Null - Unused
ethernet0/6 - 0.0.0.0/0 - Null - Unused
ethernet0/7 - 10.1.254.1/24 - Trust - Layer3 (branch office subnet)
ethernet0/8 - 0.0.0.0/0 - Null - Unused
ethernet0/9 - 0.0.0.0/0 - Null - Unused
tunnel.1 - unnumbered - Untrust - Tunnel
tunnel.2 - unnumbered - Untrust - Tunnel
tunnel.3 - unnumbered - Untrust - Tunnel
tunnel.4 - unnumbered - Untrust - Tunnel
tunnel.5 - unnumbered - Untrust - Tunnel
tunnel.6 - unnumbered - Untrust - Tunnel
tunnel.7 - unnumbered - Untrust - Tunnel
vlan1 - 0.0.0.0/0 - VLAN - Layer3
Okay, now my question... Is this the best configuration of the SSG? If not, how would you suggest I configure it?
I was thinking instead of plugging the connection from my ISP into my switch, plug it right into port 0/2 on the SSG-140? To me it is silly it's plugged into the switch then to the SSG...
Mark C.