Guiding Relevant Inline Traffic to Tools (6.3)

Introduction

In an inline monitoring scenario, it is common to deploy more than one tool because a single tool cannot guard the network against all possible threats. In such a case, each inline tool may be required to inspect certain types of traffic. However, if they are connected in series, all network traffic will pass through each of them. This may lead to over-subscription of the tool(s). When a tool is oversubscribed, it will adversely impact not only the tool's performance, but also the network and performance of applications. Gigamon Inline Bypass solution enables seamless integration of inline tools by allowing you to guide only the relevant traffic to each tool.

Design Topology

Figure 1: Logical Topology for Guiding Only Relevant Traffic to Inline Tools

Design Overview

This design illustrates one such scenario wherein multiple tools are deployed as follows:

• An external firewall is deployed to inspect all traffic to/from the internet.

• An Advanced Threat Prevention (ATP) tool is deployed to inspect all traffic.

• A Web Application Firewall (WAF) is deployed to inspect traffic to/from internally hosted applications.

• A Security Information and Event Management (SIEM) is deployed to correlate feeds from the inspected traffic.

To learn more about this solution, read complete details on the Gigamon Community: Guiding_Relevant_Inline_Traffic_to_Tools