Deployment
StoneGate IPS supports both Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) modes, as well as a combination of the two.
IPS (Intrusion Prevention System) mode
In IPS mode the device is deployed inline in the network traffic path. Depending on the IPS appliance model, the inline sensor can inspect 1-4 physical segments simultaneously, or more if VLAN tagging is used. The IPS can restrict traffic by blocking it directly, or by sending a request to a firewall or another inline IPS to isolate the segment from other networks using blacklisting. The IPS access control functionality can be extended with the Transparent Access Control (TAC) module.
IPS mode is well suited to blocking attacks when you can identify a clear threat path, for example traffic from the Internet to a DMZ segment, or traffic from the internal network to the Internet.
IDS (Intrusion Detection System) mode
In IDS mode the device passively monitors network traffic. IDS mode can be used to aggregate network traffic from multiple VLANs or physical traffic sources, such as switches and WireTAPs, into one centralized IDS sensor or IDS cluster. The IDS can restrict traffic by sending resets, or by requesting a firewall or an inline IPS to isolate the segment from other networks using blacklisting.
IDS mode is well suited to protecting large Local Area Network (LAN) segments. The IDS can detect hostile machines even if those devices do not communicate with other network segments.
Hybrid mode
In hybrid mode, the same device is configured to function in both modes. Using one device in both modes is an efficient and cost-effective solution for smaller deployments.