IDP Deployment Scenarios Overview
Three possible deployment scenarios are shown in the following figure. The standalone IDP is located within the internal network. All network traffic originating from endpoints that are registered with the IDP is monitored. You can deploy IDP in sniffer mode or inline mode. With an inline mode configuration, you can use either transparent mode or route mode. In the first deployment example, the IDP does not monitor IPsec traffic from the user to protected resources.
To monitor all IPsec traffic from users to protected resources, deploy the IDP behind the Infranet Enforcer, as shown in the figure.
You can deploy up to ten IDP devices in a network with Ivanti Policy Secure. Performance is based on how rapidly sessions are created or changed, the number of events that IDP sends to Ivanti Policy Secure, and the efficiency of the network links that connect the devices. IDP devices must be connected over a high-speed LAN link.
In a clustering environment, only one member of an Ivanti Policy Secure cluster exchanges information with an IDP sensor. If the connected Ivanti Policy Secure fails or is shut down, another cluster member will assume the load.