askvity

What is a Bypass Function?

Published in Network Security 3 mins read

A bypass function, in the context of network appliances, allows network traffic to continue flowing even when an inline security or monitoring appliance fails or needs maintenance.

Here's a more detailed breakdown:

Bypass functionality is often implemented using a bypass switch (also sometimes called a bypass TAP). This device sits inline with the network traffic and its purpose is to ensure network connectivity is maintained even if an inline appliance, such as an intrusion prevention system (IPS) or a web application firewall (WAF), becomes unavailable.

How Bypass Works:

  1. Monitoring: The bypass switch constantly monitors the health and status of the network links connected to the inline appliance. It does this through heartbeat signals or link status detection.

  2. Failure Detection: If the bypass switch detects a failure, such as a link going down or the appliance becoming unresponsive, it automatically switches to bypass mode.

  3. Bypass Mode: In bypass mode, the bypass switch directly connects the network segments, allowing traffic to flow through without passing through the appliance. This ensures network availability and prevents interruptions. Some bypass switches may still send traffic to the appliance, even in bypass mode, for diagnostic or logging purposes. This behavior depends on the specific manufacturer and configuration.

Key Advantages of Bypass Functions:

  • High Availability: Ensures continuous network operation by bypassing failed appliances.
  • Maintenance Without Downtime: Allows for appliance maintenance, upgrades, or replacements without interrupting network traffic.
  • Resilience: Enhances network resilience by providing a fallback mechanism in case of appliance failures.

Example Scenario:

Imagine a network protected by an inline intrusion prevention system (IPS). If the IPS fails due to a software bug or hardware issue, a bypass switch would automatically detect the failure and switch to bypass mode. Network traffic would then flow directly through the bypass switch, bypassing the failed IPS, and maintaining network connectivity. Once the IPS is repaired, the bypass switch would automatically switch back to normal mode, allowing traffic to flow through the IPS again.

In summary, a bypass function provides a crucial mechanism for maintaining network uptime and resilience by automatically routing traffic around failed or unavailable inline appliances.

Related Articles