Network > Interfaces
217
SonicOS 5.8.1 Administrator Guide
Sample IPS Sniffer Mode Topology
This section provides an example topology that uses SonicWALL IPS Sniffer Mode in a Hewlitt
Packard ProCurve switching environment. This scenario relies on the ability of HP’s ProCurve
Manager Plus (PCM+) and HP Network Immunity Manager (NIM) server software packages to
throttle or close ports from which threats are emanating.
This method is useful in networks where there is an existing firewall that will remain in place,
but you wish to use the SonicWALL’s UTM services as a sensor.
In this deployment the WAN interface and zone are configured for the internal network’s
addressing scheme and attached to the internal network. The X2 port is Layer 2 bridged to the
LAN port – but it won’t be attached to anything. The X0 LAN port is configured to a second,
specially programmed port on the HP ProCurve switch. This special port is set for mirror mode
– it will forward all the internal user and server ports to the “sniff” port on the SonicWALL. This
allows the SonicWALL to analyze the entire internal network’s traffic, and if any traffic triggers
the UTM signatures it will immediately trap out to the PCM+/NIM server via the X1 WAN
interface, which then can take action on the specific port from which the threat is emanating.
E7500
NetworkS ecurity Appliance
ISP
HP ProCurve
Switch
Router
Third-party Firewall
SonicWALL NSA Appliance
File
Server
Email
Server
HP HCM/
NIM + Server
Wireless
Client
Desktop
Client
LAN Connection
X1 WAN Connection
X0-LAN/ L2B Mode