There is a company that bought an NTBA appliance, and they already have an M-8000 deployed according to the network diagram attached to this thread. Their IPS setup is connected as below:
IPS Sensor M-8000 1A port is connected to their Router.
IPS Sensor M-8000 1B port is connected to their Firewall (external interface).
IPS Sensor M-8000 2A port is connected to their Firewall (internal interface).
IPS Sensor M-8000 2B port is connected to their Network Switch.
The NTBA appliance has 4 monitoring ports. According to the Quick Start guide, the monitoring ports should be connected to the network routers and the McAfee Sensors. However, this is not clear to me. Can someone please explain how we should connect the NTBA ports into the existing environment (according to the attached diagram)?
Note: How can we configure netflows to be sent to the NTBA appliance? Is this a setting that I need to enable on the network devices like Routers/Switches (like port mirroring on switches)?
The recommended setup would be to turn up a new interface on the M8000 set as SPAN and connect it out of band to the NTBA appliance.
The NTBA traffic is recommended to be configured on a dedicated port on the sensor so as not to cause issues with existing traffic. It also needs to be properly routed over the NTBA monitoring ports to be processed correctly, so configuring a dedicated network for that will ensure it is routed properly.