However if each network is being monitored by a unique detection engine, the name of the detection engine can be used to distinguish between events. When the alert is triggered, the "packet view" of the event will be the same as the other (non-encapsulated, non-VRF) events.
Question 3: How are events generated from VRF network traffic identified? RNA will combine all hosts using the same IP address into a single entry in the network map. However, RNA will not work in this case as the network map does not distinguish hosts by the reporting detection engine. As long as the Sourcefire appliances are configured so that each network is monitored by a unique detection engine, then the name of the detection engine can be used to distinguish between events. If a Sourcefire appliance generates alerts from one of the 172.22.x.x networks, is it possible to determine the correct network of origin from the alert? The handling of this scenario is not specific to the use of VRF. Some networks are in the virtual routing table (in VRF), and some networks are not. There are multiple networks with 172.22.x.x. Question 2: How is the traffic in a VRF network analyzed? In this case, the 3D System is unable to distinguish between two different hosts with the same IP address.
The only way this could become an issue is if someone is using a aggregator to combine traffic from multiple different networks into a single interface set or detection engine. Reconnecting to the Cisco Web Security Appliance. Enabling Layer 4 Traffic Monitor (L4TM) Accessing and Running the System Setup Wizard. Connecting to the Cisco Web Security Virtual Appliance. VRF does not require any special support or configuration in Sourcefire products as it is completely transparent to the device monitoring the traffic. Mapping Cisco Web Security Appliance Virtual Machine (VM) Ports to Correct Networks. Question 1: How do Sourcefire appliances work in a VRF deployment?
It allows multiple instances of the routing table to co-exist within the same router at the same time.
CISCO SECURE ACCESS CONTROL SYSTEM VIRTUAL APPLIANCE HOW TO
Virtual Routing and Forwarding (VRF) is a mechanism to segment a single router into multiple virtual routers that do not pass traffic between them. The Securing the Web with Cisco Web Security Appliance (SWSA) v3.0 course shows you how to implement, use, and maintain Cisco® Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats.