Intrusion Prevention
Reply
Visitor
mshoukat@btc.com.sa
Posts: 1
Registered: ‎10-16-2011
0

idp HA with Bypass

 

I have two EXTERNAL ISG2000 configured in HA(active -passive), which is also connetted to cisco 6500 core switches in VSYS mode (actice-passive) i have two IDP 800, which i want to insert between the isg2000 and cisco core in HA. Is it possible to configure two ports on the ACM (VR1) and any failure the IDP'S should bypass traffic.

 

Also another VR2 for traffic between untrust (firewall) and DMZ Switch

 

Thanks

MSA

Juniper Employee
danhoward
Posts: 25
Registered: ‎03-12-2010
0

Re: idp HA with Bypass

IDP OS Release 5.1 supports high availability in network designs where you have deployed redundant network paths and use the failure detection features of a firewall, router, or switch to manage the cutover from the primary path to the backup path in cases of failure. Please see the following example:

 

http://www.juniper.net/techpubs/en_US/idp5.1/topics/example/simple/intrusion-detection-prevention-th...

 

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can send your comments to techpubs-comments@juniper.net, or fill out the documentation feedback form.

 

Thank you.

Juniper Networks
Technical Publications
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.