Deployment Guide
v5.0
Search this version
Deployment Guide
Deployment Guide
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
Deployment Options
Copy Markdown
Open in ChatGPT
Open in Claude
On-Premise
- Network TAP (best practice): Passive, fail-safe full-duplex mirroring. Use optical/copper TAPs (Ixia, Keysight, or Gigamon) on critical links. Sensor receives traffic on a single or across multiple capture interfaces.
- Switch SPAN Port (last resort): Configure port mirroring (Cisco
monitor session, Aristamirror session, Juniperport-mirror). Use ERSPAN for remote sources. - Sensors operate in passive IDS mode by default.
Cloud Deployments
- AWS: VPC Traffic Mirroring (filter by ENI, subnet, or VPC) targeting the Sensor’s ENI.
- Azure: Virtual Network TAP or Network Watcher packet capture routed to Sensor VM.
- GCP: Packet Mirroring policies targeting instance groups or specific VMs.
- Sensors run as VMs in the same VPC/VNet. Manager can be deployed in the same cloud or on-premise (hybrid).
- Supports multi-region and multi-account setups via transit gateways or peering.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Next to read:
Strategic Sensor Placementnull
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message