Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
0
Helpful
1
Replies

IPS 4200 Fault tolerance

khalid_mahmood
Level 4
Level 4

‎09-01-2009 09:29 AM - edited ‎03-10-2019 04:45 AM

Hi, Is it possible to have two IPS 4200 appliances in a failover or high availability pair? Or is it single with hardware bypass only?

Thanks

Labels:
0 Helpful
1 Reply 1

htarra
Level 4
Level 4

‎09-07-2009 08:09 AM

In data centers like these, redundant routers, switches, and even power supplies help ensure business continuity during an outbreak. The IPS appliances, however, do not support stateful failover. IPS devices maintain state with traffic flows and may drop traffic from an asymmetrical traffic flow. It is therefore important to factor this into the design.

You can use the bypass mode as a diagnostic tool and a failover protection mechanism. You can set the sensor in a mode where all the IPS processing subsystems are bypassed and traffic is permitted to flow between the inline pairs directly. The bypass mode ensures that packets continue to flow through the sensor when the sensor's processes are temporarily stopped for upgrades or when the sensor's monitoring processes fail. There are three modes: on, off, and automatic. By default, bypass mode is set to automatic.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card