For Medium and Large-sized Enterprise

The recommended deployment is to have one Network Passive Sensor in each of the physical locations, closer to the access network, with all Network Passive Sensors registered to a single Qualys account.

Alternatively, if deploying a Network Passive Sensor in every physical location is not possible, then a single Network Passive Sensor can be deployed at one location, and traffic from each of the physical locations can be mirrored to the remote location where the sensor is deployed. Refer to Passive Sensor Deployment Scenarios and Port Mirroring for more information on remote mirroring. Depending upon the volume of the network traffic aggregated across sites, use a 1G,4G, or 10G appliance.

The diagram below shows the typical topology of a medium-sized enterprise. It is a sample three-tier LAN network design for medium enterprises where the access, distribution, and core are all separate layers. Network Passive Sensors are deployed at the distribution and core layer for different buildings on the same premises.

The diagram below shows a typical topology for large size enterprises with multiple physical locations. Network Passive Sensors are deployed at the distribution and core layers of different sites. There are different sites (Main Site, Remote Large Site, and Remote Medium Site) connected using WAN.