Configuring the interface list

Use the Interface List area to view and manage network security interfaces.

About this task

Navigating in IPS Local Management Interface: Manage System Settings > Network > Security Interfaces

Navigating in SiteProtector™ Management: select the Security Interfaces policy

Procedure
  1. In the Interface List area, select the appropriate port.
  2. Click the Edit icon.
  3. Change any listed settings to fit your network.
    Option Description
    Mode (Non HA) Sets the monitoring or protection mode for the appliance.
    • Inline Protection. The appliance monitors traffic inline, and blocks attacks that are configured with the quarantine response, dynamic blocking response, and firewall rules.
      Note: This is the default mode of the appliance.
    • Inline Simulation. The appliance monitors traffic inline, but does not block any traffic. Instead, the appliance monitors traffic and provides passive responses.
    • Monitoring. The appliance monitors traffic from a tap, hub, or span port.
    Port ID Assigns a meaningful name to either port ends of the network segment. This setting is repeated so you can pair ports together that define specific network segments.
    Example: Port A through port B is the Finance Department Network Segment.
    TCP Resets Specifies whether the appliance sends TCP resets through this port or through the external TCP reset port.
    Port Speed/Duplex Settings Sets the link speed and mode for the network adapter.
    • Auto or Auto Negotiate. Sets the best common mode automatically the moment two interfaces are connected. This setting works for most environments. An exception is an environment with a switch or other network device that does not support auto-negotiation. Another exception is a case where the auto-negotiation process takes too long to establish a link.
      Note: The auto setting for the GX6000 series appliances link at 1 gigabit per second.
    • 10 MB Half Duplex. Devices transmit or receive data at 10 megabits per second but not at the same time.
    • 10 MB Full Duplex. Devices transmit and receive data at 10 megabits per second in both directions at the same time.
    • 100 MB Half Duplex. Devices transmit or receive data at 100 megabits per second but not both at the same time.
    • 100 MB Full Duplex. Devices transmit and receive data at 100 megabits per second in both directions at the same time.
    • 1000 MB Full Duplex. Devices transmit and receive data at 1000 megabits per second in both directions at the same time.
    Unanalyzed Policy Controls how the appliance processes traffic when the network is congested.
    • Forward. Forwards traffic without processing it. When traffic levels return to normal, the system resumes normal operation. Always use the Forward setting when the appliance is set to inline simulation mode.
    • Drop. Blocks some of the traffic without processing it. When traffic levels return to normal, the system returns to normal operation.
    Propagate Link Use this setting when the mode is set to either inline protection or inline simulation.
    • Auto. Uses the most appropriate link setting, based on how the network segment is configured. If the appliance is in inline protection, inline simulation, or HA mode, then the propagate link setting behaves as true. If the appliance is in passive monitoring mode, the setting behaves as false.
    • True. The link on the corresponding inline port breaks when one of the links is down (such as when a cable is broken or disconnected).
    • False. The link on the corresponding inline port is left intact when one of the links is down.