To protect your network against an increasing number of outside threats, you need to place in-line security tools (such as Intrusion Prevention Systems-IPS, or firewalls) that check all the traffic on the network line. This way you have a better chance to counter cyber-attacks before they can do any harm. Find out why cyber-security is the rising challenge of the 21st century.
Designed to keep your network online and protected at any cost, all these security in-line appliances can compromise network uptime, if they don't have a fallback option.
Even though most in-line tools have their own fail-safe capabilities in case of hardware failure, what happens in more common cases like network maintenance, power loss or upgrades? They become a single point of failure in your network. This is where a Bypass TAP can really save the day by enabling the critical network link to stay online, even when the in-line appliance isn't operational anymore.
The Bypass TAP has two main features to ensure network uptime:
- To be able to perform maintenance or any other activity that may involve taking the in-line appliance out of the network, the TAP can be set in manual Bypass mode, keeping the network operational.
- The Bypass TAP can actively check if the in-line appliance is correctly connected to functions. This is done by sending heartbeat packets.
Manual Bypass Use Case
Challenge: Keep network fully operational during maintenance, upgrade, or troubleshooting.
This browser does not support the video element.
Solution: By integrating a Bypass TAP into the network, in-line appliances can be accessed at any time, without impacting network uptime or security. For example, if you want to add, remove, and/or upgrade firewalls. This is done by activating the manual bypass feature in the BP Manager software. This way the traffic is no longer forwarded to the in-line appliance, so it can be freely accessed. When maintenance is done, the bypass mode can be disabled, making the in-line appliance active again.
Heartbeat Functionality Use Case
Challenge: Actively track operational status of the in-line appliance.
This browser does not support the video element.
Solutions: To actively track if the in-line appliance connected to the Bypass TAP is operational, the TAP uses bidirectional and configurable heartbeat packets with the data stream, that in turn need to be forwarded by the in-line appliance. If the in-line appliance is compromised in any way, these packets will no longer be returned to the Bypass TAP. To ensure that the critical network link stays up, the TAP will enable bypass mode.
Does the Bypass TAP really remove the point of failure introduced by an in-line appliance?
Yes, it does. The Bypass TAP is a fail-safe device. If the TAP loses power, it will still forward all traffic on the network by bridging the fiber connection on the network ports. For extra redundancy, it is possible to connect an extra power supply.
ProfiTap Bypass TAPs also feature Link Failure Propagation, transmitting link failure errors between ports, allowing the network to activate a redundant path, while the TAP stays available for auto-negotiation.
If you want a safe and secure network, choose a Bypass TAP
As networks continue to evolve and increase in size and more and more devices are being added to the in-line architecture, uninterrupted connections becomes an important issue.
A Bypass TAP is critical for those security devices that protect and prevent your network from security breaches. It makes sure your packet are not lost, and all your data is flowing through your network, even when you need to replace, reboot or remove in-line devices.
Overall, these highly-efficient tools improve your network reliability, increase application availablity, and give you remote monitoring and control that will save you the hefty costs that come with the network downtime.
Thank you to ProfiTap for the article.