Fail-open kit has been disconnected and connected the IPS sensor directly to the Switches
There was a Switch upgrade activity performed, initially, one of the ports in Sensor has been connected to Fail-open kit, from there to Switch. Another interface in Sensor was connected to Switch directly.
Same connectivity has been done after Switch upgrade, but, fail open kit was not coming up. Hence, we bypassed fail-open kit, i.e cables have been directly connected from IIPS Sensor to Switch directly.
Current status is fine. But, in practical, this type of connectivity may give some issues in production network, hence, we would like to have a clarification and need more inputs from you to understand the business effect.
Will there be any business impact or any network flaps or any device down or anything major issues occur in future if we have this setup continues. Please share recommendations and guidelines to run device smoothly and to avoid any business impact.
Re: Fail-open kit has been disconnected and connected the IPS sensor directly to the Switches
As I understand, the present status is network devices directly connected to the Sensor monitoring interface. Most likely the configuration will be 'inline fail closed'. If it is, during interface flaps/link down/Sensor reboot, the traffic will be bottlenecked at the Sensor and will not be allowed to pass. Hence, you do face outage till the time links are restored.
Using fail-open kit provides you have an advantage in case of link failure - there won't be network outage and the traffic will be bypassed via FO kit.
Unfortunately, I couldn't get the FO connectivity explanation; however, ideal setup should be as:
network cables connected to Net 0/1 port on the FO Kit
Monitoring port from Sensor connected to Mon0/1 of FO kit
If the Kit is Passive, use control port. For active kit, there is no control port.
I hope this above explanation answers your question.
Was my reply helpful?
If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Was my reply helpful? If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.