MPSAPPSMB NETWORK DEPLOYMENT

The MPSAPPSMB can operate using one of three modes on the network. First being the passive mode, where the appliance is configured on a mirrored port within a managed switch. This allows the appliance to operate passively on the network while not being a point of failure. The NullBound Malware Prevention System was designed to run passively on a network and should be operating in this mode in any network environment which supports it.

The second mode of operation is Active/Passive. Active/Passive mode is similar to passive mode except a second network connection is utilized for communication and management of the appliance. This is ideal for switches that do not allow communication on ports that are being mirrored.

The third mode of operation is inline. Operating inline is unique to the MPSAPPSMB and allows the appliance to be utilized in environments without managed switches. When operating inline, the appliance is placed between the Internet connection, such as a cable or DSL modem, and the router/firewall.

When operating inline, the appliance is virtually transparent, however it is still physically responsible for managing network traffic going to and from the Internet. This does add a point of failure should there be any hardware issues with the appliance, however networks should see little to no Internet degradation during normal and even heavy use.

Passive

Passive mode is a means of operation which allows the NullBound Malware Prevention System to protect a network while operating transparently on a managed switch. Utilizing passive mode allows for a simplified installation while protecting every end user instantaneously. Also, since the appliance is not responsible for managing network traffic, it is not a point of failure and does not impede on network traffic.

Figure 1 - Passive Network Configuration

Active/Passive

Active/Passive mode is a means of operation which allows the NullBound Malware Prevention System to protect a network while operating transparently on a managed switch. Utilizing Active/Passive mode allows for a simplified installation while protecting every end user instantaneously.

What makes Active/Passive mode different than passive mode is that it utilizes two interfaces, one for monitoring the network and the other for managment and communication. This is ideal for switches that do not allow communication on ports that are being mirrored. Also, since the appliance is not responsible for managing network traffic, it is not a point of failure and does not impede on network traffic.

Figure 2 - Active/Passive Network Configuration

Inline

Inline mode is a means of operation which allows the NullBound Malware Prevention System to protect a network while operating in between the Internet circuit and the router/firewall. Utilizing inline mode allows for a simplified installation for small to medium sized networks which do not have managed switches capable of port mirroring.

With inline mode the MPSAPPSMB will use the public IP address as provided by the Internet service provider while the router/firewall will use a private address. Even though the router/firewall has a private IP address, virtual private networks as well as port forwarding and network address translation on the router/firewall will remain the same. Other than the MPSAPPSMB appliance utilizing the public IP address, it is completely transparent.