Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7922
Views
0
Helpful
6
Replies

Bypass mode in Sourcefire Firepower cluster

harshadsstsi
Level 1
Level 1

‎10-18-2015 10:34 PM - edited ‎03-12-2019 05:47 AM

Hi,

How to enable software bypass on clustered firepower 8350 devices.

Sometime during troubleshooting we need to bypass IPS for test-traffic. How to achieve this without physical cabling changes/switch config changes.

I  see Access Control rule with Trust rule can also be used. need more information on software bypass option though.

 

Thanks

 

 

 

 

Labels:
0 Helpful
6 Replies 6

Dinkar Sharma
Cisco Employee
Cisco Employee

‎10-20-2015 01:27 PM

You are on the right track. If you create a rule with action as "Trust" traffic won't be sent to the inspection engine for analysis and would be simply allowed.

Thanks,

 

Dinkar

 

0 Helpful

harshadsstsi
Level 1
Level 1
In response to Dinkar Sharma

‎10-20-2015 11:25 PM

Hi Dinkar,

Thanks for the confirmation.

Can the below mentioned  software bypass command be used for Clustered Firepower devices ;

configure bypass open <inetrface>

 

 

0 Helpful

Dinkar Sharma
Cisco Employee
Cisco Employee
In response to harshadsstsi

‎10-23-2015 11:07 AM

Yes, you can use that.

Opens or closes the bypass mode of an inline pair. This command is not available on virtual devices and ASA FirePOWER devices.

 

configure bypass {open | close} {interface}

where interface is the name of either hardware port in the inline pair.

Example

> configure bypass open s1p1
0 Helpful

Sinhara Prasad Silva
Level 1
Level 1
In response to Dinkar Sharma

‎01-09-2016 03:47 PM

Hi Dinkar,

1) i need to upgrade software on 8350 sensor.  can i type  "configure bypass open s1p1" on one of the interface of each inline pair ( i have 5 inline sets)   so i can upgrade the sensor and reboot without effective live traffic. ?

2) hope if i enable "configure bypass open s1p1" on one of the interface  of inline set , IPS policy will not block all traffic and by pass traffic.

Thanks

0 Helpful

John
Level 1
Level 1
In response to Sinhara Prasad Silva

‎02-06-2016 06:03 PM

I have the same issue.

1) i need to upgrade software on 8120 and 7120 sensor.  we need to type  "configure bypass open s1p1" on one of the interface of each inline pair ( i have 5 inline sets)   so i can upgrade the sensor and reboot without effective live traffic. ?

2) hope if i enable "configure bypass open s1p1" on one of the interface  of inline set , IPS policy will not block all traffic and by pass traffic.

0 Helpful

Aastha Bhardwaj
Cisco Employee
Cisco Employee
In response to harshadsstsi

‎10-23-2015 11:13 AM

Hi,


 You cannot configure bypass mode for inline sets on clustered devices,
 

Regards,

Aastha

Rate if that helps!!!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card