We're deploying 2 6050 appliances in diagram full HA. 2 appliances running HA mode active/active. we have to protect 2 segment. The bypass kit netcessary in this case or not?
hope anyone help.
this is up to your needs. M-6050 sensors have no ports with integrated fail-open functionality. So in case of ...
... a failure of one appliance, is the performance of the other device enough for your environment? If not, you need bypass/failopen kits, but you will lose security. Otherwise you will have performance issues and maybe business impact.
... a failure of both appliances, there will be a full interruption of your traffic. If your company can not live with an outage until you fixed the problem? -> You will need the bypass/failopen kits.
You have to decide, if the business impact of the outage is higher then the lose of security.
Here is how we do this:
Sensor A (primary): No Fail Open Kits.
Sensor B (secondary): Does have fail open kits installed.
If sensor A goes down, firewalls should notice route is down and failover to secondary route. If secondary sensor also fails, then the fail open kits should begin operation.
Hope this helps.
Gene33's setup is typically how I see customers using HA. That way you force traffic to go through a sensor, regardless of which one is active, and have a way out through the FO kit if both sensors go down.
We are using the same setup as Gene33 described. But Gala's setup is active/active which can result in performance issues in case of an outage, as the devices are probably sized to carry half the traffic.
Based on what I have learned from McAfee documentation ...
If both sensors in the HA pair are active/active with asymmetric routing, and the 'seconday' sensor (the one with fail-open kit) goes down, its fail-open kit goes into bypass mode and this route's traffic is no longer monitored, thus reduced security.
Is this assumption correct?
That's correct. If you're sending traffic to both sensors at the same time, and the sensor fails open, then odds are your attached devices will not detect a failure and will still send traffic to the failed open path. Traffic will still flow through both paths, and the failed open path will not scan traffic. It may also cause problems if the working sensor does not see the initial connection, but receives other parts of the traffic flow.