IPS ACTIVE BYPASS
PROTECTION

Complete Failsafe Protection

for your Inline Security Appliances

You need robust network security but require maximum network reliability and availability. The foundation of any network security profile is a Next Generation Firewall (NGFW) which is a combination of firewall and Intrusion Protection System (IPS).  This appliance needs to process data flows in real time in order to block malicious attacks. Yet, connecting to links in-line puts the network at risk if the appliance goes down. TAPs with bypass access allow risk free connection of real time appliances by providing a “heartbeat” to monitor the condition of the appliance.  If the appliance goes down, the TAP will keep the network traffic flowing until the appliance is back online.

What is Bypass Mode?

When an IPS or other Inline Appliance is installed behind a V-LineTM Tap, the Tap continually checks the status of the appliance and if it is online, will direct traffic through it. If the appliance goes for maintenance or update, or any reason, the Tap will automatically bypass the appliance and direct traffic straight through to the network. When the appliance comes back online, the status is detected by the Tap and  traffic is once again directed through the appliance.

How does the TAP detect if the appliance is online?
Heartbeat packets are injected into the traffic stream and are directed to the monitoring device. If the Heartbeat packets are not detected when the traffic is passed back through the V-LineTM TAP on their way back to the network, the TAP enters Bypass mode and bypasses the appliance. Heartbeats are configurable for maximum flexibility and Heartbeat packets are NEVER sent on to the live network.

INLINE BYPASS TAP

During normal operation network traffic is directed to the IPS and 'heartbeat' packets are injected into the traffic stream.

After flowing through the sensor the heartbeat packets are detected and removed from the traffic stream.

IPS: ONLINE

INLINE BYPASS TAP

In BYPASS mode heartbeat packets continue to be sent out to test whether the IPS is online.

If heartbeat packets are not detected the Tap enters BYPASS mode and traffic is directed straight through.

IPS: OFFLINE

FEATURED PRODUCTS

SNA-X Bypass Cards

- Automatic Bypass Protection

- Tunable Heartbeat Parameters

- Part of SNA-X Modular Solution

© 2019 Network Critical. All Rights Reserved.