Link Protection of​ Network Security Bypass TAP for Packet Broker Strategic Traffic

Link Protection of​ Network Security Bypass TAP for Packet Broker Strategic Traffic

1.Overviews

With the rapid development of the Internet, the threat of network information security is becoming more and more serious, so a variety of information security protection applications are used more and more widely. Whether it is traditional access control equipment (firewall) or a new type of more advanced protection means such as intrusion prevention system (IPS),Unified threat management platform (UTM), Anti-denial service attack system (Anti-DDoS), Anti-spam Gateway, Unified DPI Traffic Identification and Control System, and many security devices are deployed in series in the network key nodes, the implementation of the corresponding data security policy to identify and deal with legal / illegal traffic. At the same time, however, the computer network will generate a large network delay or even network disruption in the case of fail over, maintenance, upgrade, equipment replacement and so on in a highly reliable production network application environment, users cannot stand it.

2.Intelligent Bypass Swtich Application Solution​

Link Series Device Protection

Figure 1: Policy Flow Traction Protector Normal Working Data Stream

Figure 2: Policy Traffic Traction Protector Bypass Switch Data Flow

As shown in Figures 1 and 2, the NetTAP® "Policy Traffic Traction Protector" is deployed in series between network devices (routers, switches, etc.), and the data flow between network devices no longer leads directly to IPS / FW, NetTAP® "policy traction protector" to IPS / FW, when the IPS / FW due to overload, crash, software updates, policy updates and other conditions of failure, the "bypass switch" through intelligent heartbeat message detection Function of the timely discovery, and thus skip the faulty device, without interrupting the premise of the network, the rapid network equipment directly connected to protect the normal communication network; when the IPS / FW failure recovery, but also through intelligent heartbeat packets Detection of timely detection of the function, the original link to restore the security of enterprise network security checks.

NetTAP® "Bypass switch" has a powerful intelligent heartbeat message detection function, the user can customize the heartbeat interval and the maximum number of retries, through a custom heartbeat message on the IPS / FW for health testing, such as send the heartbeat check message to the upstream / downstream port of IPS / FW, and then receive from the upstream / downstream port of IPS / FW, and judge whether the IPS / FW is working normally by sending and receiving the heartbeat message.

3. Bypass Switch Bypass TAP Technical Characteristics

SpecFlow/FullLink Protection

The NetTAP® "INLINE Network Security Bypass Swtich based on Network TAP Strategic Traffic Protector" supports serial protection for complete link traffic and a serial protection mode for a specific traffic type. Users can choose the appropriate deployment mode according to the deployment requirements of different security devices.

FullLink protection mode. In this mode, the Policy Traffic Traction Protector forwards all traffic from the deployed link to the security device and performs real-time monitoring of the state of the security device. If the status of the security device is abnormal, the protector will automatically switch to the bypass state ensures network availability.

SepcFlow protection mode. In this mode, the Policy Traffic Traction Protector forwards some of the user-specified traffic types in the deployment link to the security device for processing. The remaining traffic is automatically bypassed without passing through the security device. While the protector on the state of the safety device to perform real-time monitoring, once the safety device status is abnormal, the protector will automatically switch to bypass state to ensure the availability of the network.

4. Bypass Switch Bypass TAP Technical Specifications