How to Configure Inline & Offline Modes for EdgeIPS & EdgeIPS Pro
- 27 Mar 2023
- 4 Minutes to read
- Print
How to Configure Inline & Offline Modes for EdgeIPS & EdgeIPS Pro
- Updated on 27 Mar 2023
- 4 Minutes to read
- Print
Article summary
Did you find this summary helpful?
Thank you for your feedback
Summary
The TXOne ICS products, EdgeIPS and EdgeIPS Pro, provide network visibility with two security operation modes, “Inline Mode” and “Offline Mode”. They are designed to fit into your OT networks without disturbing the existing configurations to keep the operation running in your OT environments.
After any of the following functions is enabled, the related logs will be generated automatically when a threat or an attack is detected both in offline mode and inline mode, but only in inline mode will the device take action.
- Cyber Security (The detection of DoS attacks)
- Policy Enforcement (The detection of OT protocol allowlist/blocklist)
- Suspicious Objects (The detection of malicious clients or links)
When you switch to inline mode after installing the device between the critical asset and the switch node, note that if some hardware issues or power shortages occur, the Edge device may be affected and will thus affect your network communication.
The third-party solution requires the Suspicious Objects function to be enabled. Regarding the configuration guide for Suspicious Objects, please refer to the application note How to Configure Suspicious Objects Monitor & Prevention Modes for Edge Series Devices .
Applicable Version
All versions of EdgeIPS & EdgeIPS Pro
Details
1. Security Operation Mode Definition
Offline Mode
- EdgeIPS: Data packets are mirrored from the core switch and EdgeIPS keeps detecting, monitoring as well as generating logs if any threat or attack is detected.
- EdgeIPS Pro: EdgeIPS Pro works as an IDS (Intrusion Detection System). The odd number of ports will be disabled, and the even number of ports will be enabled to receive traffic from the mirror port, which is used to manage switch/firewall and detect/log cyber threats.
Inline Mode
- EdgeIPS: EdgeIPS is deployed on the direct communication path between the source and the destination to actively analyze, filter and run automated actions on all traffic.
- EdgeIPS Pro: EdgeIPS Pro works as an IPS (Intrusion Protection System) and checks the traffic in each port pair based on Policy Enforcement rules and IPS profiles for cyber threats.
2. Configuring Offline Mode for EdgeIPS
Scenario 1: EdgeIPS Connected to Different Switches
- Connect EdgeIPS Port1 (MGMT port) to a port on Switch A.
- Access the EdgeIPS web-based management console.
- Go to [ Security ] > [ Security General Settings ].
- Select [ Offline Mode ] for [ Security Operation Mode ].
- Select [ PORT1 ] for [ Management Port ].
- Click the [ Save ] button to save the settings.
- Connect EdgeIPS Port2 (non-MGMT port) to a mirror port on Switch B.
- The MGMT port can be configured as Port1 or Port2. After the device is connected to another switch, it can then be managed by EdgeOne.
- Please select mirror mode as “TX ONLY” on the core switch.
Scenario 2: EdgeIPS Connected to the Same Switch
- Connect EdgeIPS Port1 (MGMT port) to a port on Switch A.
- Access the EdgeIPS web-based management console.
- Go to [ Security ] > [ Security General Settings ].
- Select [ Offline Mode ] for [ Security Operation Mode ].
- Select [ PORT1 ] for [ Management Port ].
- Click the [ Save ] button to save the settings.
- Connect EdgeIPS Port2 (non-MGMT port) to a mirror port on Switch A.
3. Configuring Inline Mode for EdgeIPS
- Connect EdgeIPS Port1 (MGMT port) to a port on Switch A.
- Access the EdgeIPS web-based management console.
- Go to [ Security ] > [ Security General Settings ].
- Select [ Inline Mode ] for [ Security Operation Mode ].
- Click the [ Save ] button to save the settings.
- Connect EdgeIPS Port2 (non-MGMT port) directly to an OT asset or to Switch B.
In inline mode, the MGMT port can be configured as Port1 or Port2.
Regarding the configuration guide for Policy Enforcement monitor or prevention mode, please refer to the application note How to Configure Policy Enforcement Monitor & Prevention Modes for Edge Series Devices .
4. Configuring Offline Mode for EdgeIPS Pro
- Access the EdgeIPS Pro web-based management console.
- Go to [ Security ] > [ Port Security ].
- Click a specific interface, and then a pop-up window for configuring the interface settings will appear.
- Select [ Offline Mode ] for [ Security Operation Mode ].
- Click the [ Save ] button to save the settings
- EdgeIPS Pro works as an IDS (Intrusion Detection System) in Offline Mode.
- Only even-numbered ports support Offline Mode. When the EdgeIPS Pro is switched into “Offline Mode”, the odd-numbered ports will be disabled automatically.
- Prevention/Monitor Mode, Hardware Bypass and LFPT are unavailable in “Offline Mode”.
5. Configuring Inline Mode for EdgeIPS Pro
- Access the EdgeIPS Pro web-based management console.
- Go to [ Security ] > [ Port Security ].
- Click a specific interface, and then a pop-up window for configuring the interface settings will appear.
- Select [ Inline Mode ] for [ Security Operation Mode ].
- Click the [ Save ] button to save the settings
EdgeIPS Pro works as IPS (Intrusion Prevention System) in Inline Mode and checks the traffic in each port pair based on Policy Enforcement rules and IPS profiles for cyber threats.
For support assistance, please Contact Us at support@txone.com or your Support Provider.
Was this article helpful?