
Fail-open kit has been disconnected and connected the IPS sensor directly to the Switches

A Switch upgrade activity was performed. Initially, one of the ports on the Sensor was connected to the fail-open kit, and from there to the Switch. Another interface on the Sensor was connected to the Switch directly. The same connectivity was set up after the Switch upgrade, but the fail-open kit was not coming up. Hence, we bypassed the fail-open kit, i.e., cables have been connected directly from the IPS Sensor to the Switch. Current status is fine. But, in practice, this type of connectivity may cause some issues in a production network; hence, we would like a clarification and need more inputs from you to understand the business effect. Will there be any business impact, network flaps, device-down events, or any major issues in the future if this setup continues? Please share recommendations and guidelines to run the device smoothly and to avoid any business impact.
McAfee Employee fkazi04

Re: Fail-open kit has been disconnected and connected the IPS sensor directly to the Switches

Hi,

As I understand, the present status is that network devices are directly connected to the Sensor monitoring interface. Most likely the configuration will be 'inline fail closed'. If it is, during interface flaps/link down/Sensor reboot, the traffic will be bottlenecked at the Sensor and will not be allowed to pass. Hence, you will face an outage until the links are restored.

Using a fail-open kit gives you an advantage in case of link failure: there won't be a network outage and the traffic will be bypassed via the FO kit.

Unfortunately, I couldn't get the FO connectivity explanation; however, the ideal setup should be as follows:

Network cables connected to the Net 0/1 port on the FO kit

Monitoring port from the Sensor connected to Mon0/1 of the FO kit

If the kit is passive, use the control port. For an active kit, there is no control port.

I hope the above explanation answers your question.

 

Regards,

Faizan

 

Tsri

Re: Fail-open kit has been disconnected and connected the IPS sensor directly to the Switches

Also, what happened to the FO kit?

Is it up? Are you able to get console/GUI access to the FO kit?

I would suggest logging a support case so that support can look at what happened to the FO kit in order to resume your network via the FO kit.


Regards,

Tarang Sri
