Technical Documentation

Mixed Deployment Mode Overview

IDP devices have multiple traffic interfaces. Interfaces are grouped in logical pairs, and both interfaces of a pair belong to the same virtual router. You configure the deployment mode for each virtual router. In your network design, you can think in terms of deploying IDP virtual routers instead of IDP appliances. One IDP appliance can be deployed to support two types of network designs simultaneously:

  • In-path designs. To protect against attacks and regulate application usage, you connect the virtual router traffic interfaces to devices that are in the path of network traffic. You configure the corresponding virtual router in transparent mode.
  • Out-of-path designs. To gather information about attacks and application usage, you connect one of the virtual router traffic interfaces to a port mirror or Switched Port Analyzer (SPAN) port. You configure the corresponding virtual router in sniffer mode.

Figure 1 shows a network design where two virtual routers are deployed in transparent mode and another in sniffer mode.

Figure 1: Mixed Deployment Mode


Published: 2010-01-12