From your description it sounds like the network is disrupted whenever the device activates and deactivates its network bypass. Normally the bypass is disabled and the IDS/IPS maintains two distinct network connections between two different switch ports and forwards packets between them as it inspects them. When the most common bypass design is enabled, the two switch ports are electrically connected and the IDS is eliminated from the circuit.

IDS/IPS can be quite clever and can still forward packets surprisingly well even when the two switch ports are configured differently. However, if the device goes into bypass the two mismatched ports will not be nearly so successful. I have heard of failures because one switch port was in full duplex and the other in half duplex as a common problem. There can also be speed mismatches. I have heard of some switches that do not successfully complete auto-configuration after bypass engages. In a related configuration problem I have heard of failures in which a pass-thru cable was used on one side of the IDS/IPS and a cross-over cable was used on the other and this caused the ports to fail to synchronize when the IDS entered bypass.

Although I suppose it is possible for the relay in the bypass to fail and no longer close the contacts to engage bypass when it is supposed to, I have never heard of this.

You did not mention which model IBM network IPS you had. If it is an older one, retrofitting it with an active bypass unit could provide significant relief. Such a device provides bypass capability by a different means that largely avoids the network reconfiguration problems it sounds like you might be experiencing.

Good luck.

On Tue, Feb 1, 2011 at 4:53 AM, Shang Tsung <[email protected]> wrote:
> Hello,
>
> We have the following problem. Now and then, the IDS will cause
> disruptions to the network, especially after updates. We have an IBM
> (ex ISS) Intrusion Detection System with a few network sensors and
> several host sensors. The IDS is not managed by us but we have it
> outsourced.
>
> The disruptions mentioned above cause our network engineers extreme
> dissatisfaction (and anxiety) about the IDS and they would "burn the
> damn thing", if they could. We have 2 - 3 serious issues, causing
> downtime, per year.
>
> My questions are:
>
> - Are any of you experiencing the same issues?
> - Are these disruptions common to others or should we seriously
> consider replacing the IDS and/or the outsourcing company?
> - Could this be an issue with our network infrastructure?
>
> I will appreciate any thoughts.
>
> Thanks,
> ST
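
The speed and duplex mismatches described in the reply above can be checked for before a bypass event exposes them. The following is an added example, not part of the original thread: it predicts what two switch ports will do when bypass connects them directly, using standard parallel-detection behaviour on 10/100 copper ports. The `Port` type, the port names and the sample settings are constructed for illustration, and the auto-negotiating side is assumed to support the forced side's speed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    name: str
    autoneg: bool
    speed: int = 0    # Mb/s, only meaningful when autoneg is off (forced)
    duplex: str = ""  # "full" or "half", only meaningful when forced

def bypass_link(a: Port, b: Port) -> tuple[str, str]:
    """Predict the link state once bypass wires port a straight to port b.
    Returns (status, detail); status is ok, duplex-mismatch or no-link."""
    if a.autoneg and b.autoneg:
        return "ok", "both ends negotiate a common mode"
    if not a.autoneg and not b.autoneg:
        if a.speed != b.speed:
            return "no-link", f"forced speeds differ: {a.speed} vs {b.speed}"
        if a.duplex != b.duplex:
            return "duplex-mismatch", f"forced {a.duplex} vs {b.duplex}"
        return "ok", "identical forced settings"
    # One side forced, one side auto: the auto side gets no negotiation
    # partner, senses the speed (parallel detection) and must use half duplex.
    forced, auto = (a, b) if b.autoneg else (b, a)
    if forced.duplex == "full":
        return ("duplex-mismatch",
                f"{auto.name} falls back to half, {forced.name} is forced full")
    return "ok", f"{auto.name} falls back to half, matching {forced.name}"

def audit(pairs: dict[str, tuple[Port, Port]]) -> list[str]:
    """Return the names of inline segments that would break in bypass."""
    return [seg for seg, (a, b) in pairs.items()
            if bypass_link(a, b)[0] != "ok"]

# Constructed sample: the two switch ports on either side of each sensor.
SAMPLE = {
    "sensor-1": (Port("sw1/0/1", True), Port("sw2/0/1", True)),
    "sensor-2": (Port("sw1/0/2", False, 100, "full"), Port("sw2/0/2", True)),
    "sensor-3": (Port("sw1/0/3", False, 100, "full"),
                 Port("sw2/0/3", False, 10, "full")),
}

if __name__ == "__main__":
    for seg, (a, b) in SAMPLE.items():
        print(seg, *bypass_link(a, b))
```
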
