
STIG Validations IPS

DISA certifies the 4000, 5000, 15000 and 23000 series appliances. We migrated to a 4000 running R77.30, enabled the IPS blade, and moved it to a new location. Here's my question: the Navy requires the firewall and IDS/IPS to be separate components.

Does the IPS blade work like a separate device on the firewall appliance? Has anyone come across STIG validations where they had the IPS blade enabled instead of a separate device, and did it pass the audit? If you did, how did you respond to their requirements?

 

Thanks

 

 

Admin

Re: STIG Validations IPS

It depends on what is meant by the phrase "separate components."
In general, all of our software blades are designed to be used together.

If by separate components they mean that they can be on the same appliance but different people have to manage the different functions, this can be done in R80.x, and policies can be pushed independently of each other.
Note that IPS in R77.30 and earlier is tied to the Firewall, so these functions cannot be fully separated.

If by separate components, they mean "physically different appliances," you've got a different problem.
Firewall in particular cannot be completely disabled, even if your goal is to use the system purely as an IPS.
You can, of course, configure the Access Policy as "Any Any Accept" on such an appliance and deploy a different Access Policy on a completely separate appliance.