Router Switeh Routen pe Ping pe Wireless. 7W aicess point DMZ Zone auess point out ey acess poinf Broadbond wrreless access autess point Servers Solution The logic behind IDS sensors is that they actually try to sniff the route in which your network traffic flows. whereas the IPS(intrusion protection system) is more effective.The IDS has the ability to only detect the uneven activity but can\'t do with the help of IPS feature. if a user want to check or sniff all the traffic when the user is connected to the outside world(internet) just set the IDS outside the firewal. if a user want to check the traffic which is flowing inside the network whether malicious or not the best idea would be to install IDS inside the firewall. the DMZ zone is also said as(demilitarized zone) is a sub-network where the internal network( internal LAN) is seperated from the other untrusted network like the internet. the external servers,or the resources and services are located in the DMZ so they are easily accessible from the Internet but the other part of the internal LAN remains safe as it is not reacheble.it restricts the ability of hackers to directly access the internal servers present in a network as well as the data also with the help of accessing Internet. the best way to put IPS/IDS is near the firewal(outside the firewal) so can manage every traffic comming from outside like internet and if the traffic seems suspicious can simply block the packet or traffic outside the network only. IDS is expensive so it can\'t be use at many areas but the best to use is near firewall only..