Bridge mode firewall IPS between ISP and our level 3 switch?
I am looking to add a transparent (bridged?) firewall prior to a Cisco 6509 switch. I have a setup with a /30 from our ISP, in which they pass down to us our IPs so we can route and subnet to our liking (we issues /29s to each server). I would like something prior to the Cisco 6509 for just IPS/Firewalling to catch some of the incoming or outgoing stuff, or to be able to null route or block IPs as we need.
We are already behind TopLayer units that our ISP has, so it will be mostly minor stuff.
Any ideas as to how I would do this…I assume I would bridge it and let it just be a "bump" in the wire, and use an interface with an IP assigned to it for management.
Do this make sense and how would this be setup? Can SNORT also be used in transparent bridge mode like this?
rack1 rack2 etc