A bypass switch (or bypass TAP) is a hardware device that provides a fail-safe access port for an in-line active security appliance such as an intrusion prevention system (IPS), next generation firewall (NGFW), etc. Active, in-line security appliances are single points of failure in live computer networks: if the appliance loses power, experiences a software failure, or is taken off-line for updates or upgrades, traffic can no longer flow through the critical link. The bypass switch or bypass TAP removes this single point of failure by automatically switching the link into bypass mode, so that the critical network link stays up even when the appliance does not.
A bypass switch has four ports. Two network ports create an in-line connection in the network link that is to be monitored. This connection is fully passive; if the bypass switch itself loses power, traffic continues to flow unimpeded through the link. Two monitor ports are used to connect the in-line monitoring appliance. During normal operation, the bypass switch passes all network traffic through the appliance as if the appliance were directly in-line. But when the in-line appliance loses power, is disconnected, or otherwise fails, the bypass switch passes traffic directly between its network ports, bypassing the appliance and ensuring that traffic continues to flow on the network link.
A bypass switch or TAP monitors the health of the active, in-line appliance by sending heartbeat packets through it. As long as the in-line security appliance is on-line, the heartbeat packets are returned to the switch/TAP and link traffic continues to flow through the in-line security appliance.
If the heartbeat packets are not returned to the TAP (indicating that the in-line security appliance has gone off-line), the TAP automatically bypasses the in-line security appliance and keeps the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link, so the probe traffic never appears on the production network. Note that bypass mode is fail-open: while the appliance is bypassed, traffic is neither inspected nor blocked, so the switch trades enforcement for availability, and a bypass event should be treated as a security alert rather than only as a recovered outage.
In some products, when the bypass switch shunts traffic around the monitoring appliance, the monitor ports revert to acting like a network tap, mirroring the traffic received on each network port (one direction of the full-duplex link) to the corresponding monitor port. In this mode, an attached IPS appliance can be used as an intrusion detection system (IDS) to passively monitor the traffic without affecting it, although it can no longer block anything. This mode is useful for analyzing the effectiveness of a signature set before switching to IPS mode and potentially disrupting network traffic.
Multi-segment bypass switches provide a number of independent bypass switches in a single chassis, providing higher density in the equipment rack.
Bypass TAP - Normal Mode: traffic flows through the network TAP before it travels through the appliance and back onto the network