Question about Inline mode

["Albert E. Whale" <aewhale () ABS-CompTech com>]

I have been asked to develop an IDS/IPS solution which can span multiple
zones behind a firewall.

While I have reservations in implementing a single box to become an
active sensor for IDS/IPS solutions on the networks.

 In addition to believing that this is the wrong strategy to use in
protecting internal networks (I am supposed to protect 4 internal
networks), I am not certain of the correct configuration of the host server.

In an Inline mode, are the network interfaces linked?  What network
configuration is required for IDS/IPS or inline configuration?

Does the inline mode require two interfaces?

Can Snort support multiple networks, simultaneously?  Does this reduce
the throughput capability of the monitor?

Thanks, I have deployed Snort before, but your answers will further
document my case.
-- 

Albert E. Whale, CHS CISA CISSP
Senior Technology & Security Director
*ABS Computer Technology, Inc. *
412-635-7488 ext 100
aewhale () ABS-CompTech com <mailto:aewhale () ABS-CompTech com>
www.ABS-CompTech.com <http://www.ABS-CompTech.com>

Attachment: aewhale.vcf
Description:

------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure 
contains a definitive record of customers, application performance, 
security threats, fraudulent activity, and more. Splunk takes this 
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!