Which option is the most effective placement of an IPS device within the infrastructure?
A. Promiscuously, after the Internet router and before the firewall
B. Promiscuously, before the Internet router and the firewall
C. Inline, behind the internet router and firewall
D. Inline, before the internet router and firewall
I was always under the impression that Cisco likes the idea of the IPS being behind the firewall due to less strain on the sensor because some traffic has already been filtered. I agree that “D” could technically be right, I just think “C” is a better choice.
One can make an argument, generally accepted practice is to put an IDS/IPS after the firewall (from the point of view of incoming traffic – i.e. closer to the interior or private network). – which would be then option “D”
read this https://supportforums.cisco.com/t5/intrusion-prevention-systems-ids/correct-placement-of-ids-ips-in-network-architecture/td-p/2632437
Can anyone approve that for the 210-260 exam is “C” the correct option ?