TAP into Technology | Garland Technology Blog

Design-IT: Reverse Bypass Mode

Written by Jerry Dillard | 7/3/18 12:00 PM

There have been quite a few posts about the benefits of Bypass TAPs and how they can keep the network up and running in the event an inline appliance fails. But what about situations where the inline appliance is the main source of security for the network, and the company has zero tolerance for unsecured traffic? For those cases, the Bypass TAP has a “Reverse Bypass Mode”.

With reverse bypass mode, the Bypass TAP still sends out heartbeats to the connected inline appliance. If the inline appliance fails for any reason, the heartbeats will stop returning and the Bypass TAP will respond by failing closed: turning the network ports off to shut down the flow of traffic. This prevents unsecured traffic from entering or leaving the network.

By shutting down the network ports, reverse bypass mode kills the link between the network devices and the TAP. If the network devices have a redundant link or an established HA process, the loss of link from reverse bypass mode will trigger the established failover process.


But what’s the point of this? If the failed appliance would take down the network anyway, why bother installing a Bypass TAP in the first place? The answer is the additional quality-of-life features provided by the Bypass TAP. Bypass TAPs can expedite troubleshooting by using forced bypass mode to rule out devices when experiencing issues. Bypass TAPs with controller cards can also send alerts to administrators when appliances go down, adding greater context to network failures.
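The fail-open and fail-closed behaviour described above, along with forced bypass and alerting, sketched as a small simulation. This is an added example, not Garland Technology code; the class and function names, the three-miss threshold, and the automatic return to inline when heartbeats resume are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class Mode(Enum):
    BYPASS = "bypass"            # fail open: keep traffic flowing past a dead appliance
    REVERSE_BYPASS = "reverse"   # fail closed: turn the network ports off

class Path(Enum):
    INLINE = "inline"        # traffic passes through the inline appliance
    BYPASSED = "bypassed"    # network ports bridged, traffic is NOT inspected
    LINK_DOWN = "link_down"  # network ports off; neighbours see loss of link (HA trigger)

@dataclass
class BypassTap:
    mode: Mode
    miss_limit: int = 3          # assumed: consecutive lost heartbeats before acting
    forced_bypass: bool = False  # operator override used while troubleshooting
    misses: int = 0
    path: Path = Path.INLINE
    alerts: list = field(default_factory=list)

    def tick(self, heartbeat_returned: bool) -> Path:
        """Process one heartbeat interval and return the resulting traffic path."""
        self.misses = 0 if heartbeat_returned else self.misses + 1
        if self.forced_bypass:
            new = Path.BYPASSED
        elif self.misses < self.miss_limit:
            new = Path.INLINE
        elif self.mode is Mode.REVERSE_BYPASS:
            new = Path.LINK_DOWN
        else:
            new = Path.BYPASSED
        if new is not self.path:  # every state change becomes an admin alert
            self.alerts.append(f"{self.path.value} -> {new.value}")
            self.path = new
        return new

def replay(mode, heartbeats, **options):
    """Feed a heartbeat timeline to a fresh TAP; return (paths, alerts)."""
    tap = BypassTap(mode, **options)
    return [tap.tick(hb).value for hb in heartbeats], tap.alerts

# Constructed timeline: appliance healthy, down for four intervals, then recovered.
TIMELINE = [True, True, False, False, False, False, True, True]

if __name__ == "__main__":
    for mode in Mode:
        paths, alerts = replay(mode, TIMELINE)
        print(f"{mode.value:8} uninspected={paths.count('bypassed')} {paths} {alerts}")
```

On the same outage, bypass mode passes traffic uninspected for two intervals while reverse bypass mode passes none and instead presents a link-down event to the neighbouring devices.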

Bypass TAPs can be configured to match whatever your network needs, whether the priority is security or connectivity. Having a Bypass TAP in front of every inline appliance adds functionality and resiliency to the network without creating any new points of failure.

Looking to add a bypass solution to your security deployment, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do!