To protect your network against an increasing number of outside threats, you need to place in-line security tools (such as Intrusion Prevention Systems - IPS, or firewalls) that check all the traffic on the network line. This way you have a better chance to counter cyberattacks before they can do any harm. Find out why cybersecurity is the rising challenge of the 21st century.
Designed to keep your network online and protected at any cost, all these security in-line appliances can compromise network uptime, if they don’t have a fallback option.
Even though most of in-line tools have their own fail-safe capabilities in case of hardware failure, what happens in more common cases like network maintenance, power loss or upgrades? They become a single point of failure in your network. This is where a Bypass TAP can really save the day by enabling the critical network link to stay online, even when the in-line appliance isn't operational anymore.
The Bypass TAP has two main features to ensure network uptime:
- To be able to perform maintenance or any other activity that may involve taking the in-line appliance out of the network, the TAP can be set in manual Bypass mode, keeping the network operational.
- The Bypass TAP can actively check if the in-line appliance is correctly connected to functions. This is done by sending heartbeat packets.
Manual Bypass Use Case
Challenge: Keep network fully operational during maintenance, upgrade, or troubleshooting.
Solution: By integrating a Bypass TAP into the network, in-line appliances can be accessed at any time, without impacting network uptime or security. For example, if you want to add, remove, and/or upgrade firewalls. This is done by activating the manual bypass feature in the BP Manager software. This way the traffic is no longer forwarded to the in-line appliance, so it can be freely accessed. When maintenance is done, the bypass mode can be disabled, making the in-line appliance active again.
Heartbeat Functionality Use Case
Challenge: Actively track operational status of the in-line appliance.
Solution: To actively track if the in-line appliance connected to the Bypass TAP is operational, the TAP uses bidirectional and configurable heartbeat packets with the data stream, that in turn need to be forwarded by the in-line appliance. If the in-line appliance is compromised in any way, these packets will no longer be returned to the Bypass TAP. To ensure that the critical network link stays up, the TAP will enable bypass mode.
Out-of-Band Use Case
Challenge: Maintain out-of-band monitoring.
Solution: Profitap Bypass TAP can be set up in out-of-band mode with no need to rewire, allowing network traffic to be forwarded to intrusion detection systems or other out-of-band appliances.
Does the Bypass TAP really remove the point of failure introduced by an in-line appliance?
Yes, it does. The Bypass TAP is a fail-safe device. If the TAP loses power, it will still forward all traffic on the network by bridging the fiber connection on the network ports. For extra redundancy it is possible to connect an extra power supply.
Profitap Bypass TAPs also feature Link Failure Propagation, transmitting link failure errors between ports, allowing the network to activate a redundant path, while the TAP stays available for auto-negotiation.
If you want a safe and secure network, choose a Bypass TAP
As networks continue to evolve and increase in size and more and more devices are being added to the in-line architecture, uninterrupted connection becomes an important issue.
A Bypass TAP is critical for those security devices that protect and prevent your network from security breaches. It makes sure your packets are not lost, and all your data is flowing through your network, even when you need to replace, reboot or remove in-line devices.
Overall, these highly-efficient tools improve your network reliability, increase application availability, and give you remote monitoring and control that will safe you the hefty costs that come with network downtime.
Want to find more about what are the most popular network monitoring tools and what are the main difference between them? Then check our article Comparing Network Monitoring Tools - TAP vs. SPAN