The Net Optics iBypass HD is the highest density bypass switch available for in-line network security appliances, such as intrusion prevention systems (IPSs), Web application optimization devices, and firewalls. The first of its kind, it supports two to eight segments, with each segment operating independently to ensure link protection. Single-segment and multi-segment IPS appliances can be connected, maintained, and removed without affecting traffic through the links or the operation of the other segments. In addition, pairs of bypass switches can be linked in a high-availability (HA) configuration supporting both tool and link redundancy.
Fail-open Link Fault Protection
Exclusive Net Optics Link Fault Detect, Bypass Detect, and Heartbeat features enable an iBypass HD switch, IPS appliance, and connected switches and routers to share state information. Configurable Heartbeat packets are sent from the iBypass HD switch through the IPS in both directions to monitor the health of the IPS. When a fault condition is detected, when the IPS loses power or is redeployed, or when IPS software malfunctions, traffic is automatically routed using FastPath switching technology directly through the iBypass Switch rather than through the in-line appliance, keeping the network traffic flowing.
The iBypass HD chassis accepts four hot-pluggable Dual Bypass Modules (DBMs). Each DBM provides two independent bypass switches, which can also be configured as an HA failover pair. Different DBM models support 10/100/1000 copper, singlemode fiber.
High availability configurations enable the iBypass HD to support monitoring environments that use tool redundancy, link redundancy, or both.
When a DBM's bypass switch pair is configured for tool redundancy, one network link and two IPSs are attached to the DBM. Traffic normally flows through the primary IPS, but if the primary IPS fails, traffic is routed through the backup IPS.
When a DBM's bypass switch pair is configured for link redundancy, two network links and one IPS are attached to the DBM. Traffic on the primary link normally flows through the IPS (and traffic flows directly through the backup link), but if the primary link goes down, traffic from the backup link is routed through the IPS.
Tool and link redundancy can operate simultaneously, with two network links and two IPSs attached to the DBM. If the primary IPS fails, the secondary IPS is switched in; and if the primary link goes down, the backup link is routed through the active IPS.
Fail Open / Fail Closed
When the iBypass HD detects an IPS failure, it switches to Bypass On mode, where the network link is open to traffic flow without going through the IPS. This behavior is known as Fail Open mode. Fail Closed mode is also available. If the bypass switch is configured for Fail Closed mode and an IPS failure is detected, the network ports are downed, blocking traffic flow and enabling attached switches and routers to take corrective action such as switching traffic to an alternate data path.
Packed with functionality, iBypass HD is a network device that plugs and plays as easily as the rest of the Net Optics Tap products. Its command-line interface (CLI) enables any iBypass HD parameters to be checked or changed with a few keystrokes. The management interface is password-protected and accessed through a secure, dedicated management port. The CLI is also available through a local RS-232 serial port. iBypass HD supports RADIUS and TACACS+ authentication and authorization for easy integration in enterprise networks.
Security and Reliability
iBypass HD handles network traffic entirely in hardware, so data flowing through iBypass HD's in-line links can never be hacked or compromised. Configuration variables can be changed only through the device's management port.
Doing Our Part
Net Optics is dedicated to ensuring user safety, and to developing products that are environmentally friendly. iBypass HD adheres to UL and CE safety certifications; FCC, VCCI, and C-Tick EMC certifications; as well as RoHS and WEEE environmental certifications.