Cisco ASA functionality

onslaught99
Level 1

Hello,

This may be a dumb question, but I am trying to prove to our customer that our ASA 5525-X does not pass traffic when there is a hardware problem or if the firewall were to power off due to some catastrophic event. I planned on just powering down the ASA, but they would prefer that I don't power down the firewall to prove that it does not pass traffic. I tried looking at any documentation, but I can't seem to find where it's documented that the ASA will not forward traffic while it is powered down or has a hardware failure. Is there any documentation that points out that the ASA will not forward traffic if powered down?

Thanks

2 Accepted Solutions

rvarelac
Level 7

Hi onslaught99

I don't think there would be any documentation about this symptom. It is expected that if any network device is powered down or has a hardware failure on one of its ports, it won't be able to forward any inbound or outbound traffic.

Hope it helps

-Randy-


Marvin Rhoads
Hall of Fame

There's no documentation of that behavior that I have ever seen.

It's hard to prove a negative. Demonstration will show that's how it works though.

Devices that have this feature call it something like a "bypass mode interface". An example would be the high end IPS appliances like the 3D7125 and such. These "fail open" so that you don't lose connectivity in the event of a system outage.

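Marvin's point that a demonstration is the practical proof is worth turning into something you can hand the customer. The following is an added example (my own code, not from this thread and not a Cisco tool) of a small probe harness that records reachability through the device across a test window, tagged with the tester's own observation of whether the device was up, and then classifies the window as fail-closed (nothing crossed while the device was down) or fail-open (a bypass-style device that kept passing traffic). The `device_up` callable, the target address (`192.0.2.10`, from the documentation address range) and the constructed timeline are all assumptions; the default probe is a plain TCP connect. The classifier deliberately refuses to give a verdict unless the same path was shown to work while the device was up, which is the trap in "proving a negative": a probe that never worked proves nothing about the firewall.

```python
# Added example, not from the thread: probe reachability through a device across an
# outage window and classify the result as fail-closed or fail-open.
# Assumptions: the tester supplies device_up() from console/SNMP/observation, and the
# targets are TCP listeners on the far side of the device. 192.0.2.10 is a placeholder.
import socket
import time
from dataclasses import dataclass
from typing import Callable, Iterable, List, Sequence, Tuple

Target = Tuple[str, int]


@dataclass(frozen=True)
class Sample:
    """One probe: seconds since the test started, the target, whether the tester
    observed the device under test as up at that moment, and whether the probe got through."""
    t: float
    target: Target
    device_up: bool
    reachable: bool


@dataclass(frozen=True)
class Verdict:
    outcome: str        # "fail-closed", "fail-open" or "inconclusive"
    reason: str
    leaked: int         # probes that succeeded while the device was down
    outage_probes: int  # probes taken on usable targets while the device was down


def tcp_reachable(target: Target, timeout: float = 1.0) -> bool:
    """Default probe: a plain TCP connect to a listener on the far side of the device.
    Refused, timed out and unreachable all count as 'did not get through'."""
    try:
        with socket.create_connection(target, timeout=timeout):
            return True
    except OSError:
        return False


def collect(targets: Sequence[Target], device_up: Callable[[], bool], duration: float,
            interval: float, probe: Callable[[Target], bool] = tcp_reachable,
            clock: Callable[[], float] = time.monotonic,
            sleep: Callable[[float], None] = time.sleep) -> List[Sample]:
    """Probe every target once per round until `duration` seconds have elapsed.
    `device_up` is whatever the tester uses to observe the device; it is read once per
    round so every probe in that round shares the same observation."""
    start = clock()
    samples: List[Sample] = []
    while clock() - start < duration:
        up = device_up()
        for tgt in targets:
            samples.append(Sample(clock() - start, tgt, up, probe(tgt)))
        sleep(interval)
    return samples


def classify(samples: Iterable[Sample]) -> Verdict:
    """Decide what the window showed. A target only counts if it was reachable at least
    once while the device was up; otherwise a failed probe during the outage says
    nothing about the device."""
    samples = list(samples)
    usable = {s.target for s in samples if s.device_up and s.reachable}
    if not usable:
        return Verdict("inconclusive", "no target was reachable while the device was up", 0, 0)
    outage = [s for s in samples if not s.device_up and s.target in usable]
    if not outage:
        return Verdict("inconclusive", "no probe of a working path was taken while the device was down", 0, 0)
    leaked = sum(1 for s in outage if s.reachable)
    if leaked:
        return Verdict("fail-open", "traffic crossed the device while it was down", leaked, len(outage))
    return Verdict("fail-closed", "nothing crossed the device while it was down", 0, len(outage))


if __name__ == "__main__":
    # Constructed timeline (not a real capture): the device is down between t=2 and t=3.
    T: Target = ("192.0.2.10", 443)
    timeline = [
        Sample(0.0, T, True, True), Sample(1.0, T, True, True),
        Sample(2.0, T, False, False), Sample(3.0, T, False, False),
        Sample(4.0, T, True, True),
    ]
    print(classify(timeline))
```

In a live run you would call `collect()` with real targets on the protected side, a `device_up` that reads the ASA's state, and a `duration` long enough to cover the power-off and the restart, then hand the customer the sample list and the `Verdict`. The same harness run against an appliance with a bypass interface produces a "fail-open" verdict, which is the contrast Marvin describes.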

4 Replies

Thank you both for the feedback. As expected, I didn't believe that there was any documentation about this, just that it would be common knowledge that only certain devices would have a "fail bypass" function because they are not truly needed for security boundary control. I know that certain IPS/IDS devices and the WAAS devices are able to perform the fail bypass function, but the firewalls are needed to control and inspect traffic coming in.

Thanks again!!

Hi,

This is not a dumb question; you have my sympathy for having to deal with a dumb person regarding this.

I'd explain it to that person as follows: if your light bulb expires, do you still have light? Hence, if a firewall is powered down or an interface is down, there will be as much traffic through it as there is light from a defective bulb.

BR
