Esha Goyal
Cisco Employee

"Fail-open" and "fail-close" are terms often used in network security and system design to describe how a system behaves in the event of a failure.

  1. Fail-Open: In a fail-open scenario, if a system or device fails, it automatically opens or allows access. This is usually used in systems where availability is prioritized over security. For instance, in a firewall setting, if the firewall fails, all network traffic would be allowed through.

  2. Fail-Close (also known as fail-secure): Conversely, in a fail-close scenario, if a system or device fails, it automatically closes or denies access. This is used in systems where security is prioritized over availability. Going back to the firewall example, if the firewall fails, all network traffic would be blocked.

In essence, the choice between fail-open and fail-close will depend on whether the system values availability or security more in the event of a failure.

Another example: Umbrella mobile devices can now be set to Fail Open or Fail Closed. With these options, you can configure managed iOS and Android devices to block or allow access to the internet if Umbrella protection fails.

Fail-close: This feature will block DNS traffic during network state changes or when Umbrella DNS resolvers are determined to be unreachable.

Fail-open: This feature will allow DNS traffic when Umbrella DNS resolvers are determined to be unreachable.
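The two DNS behaviours described above can be modelled in a few lines. This is an added illustration, not Cisco or Umbrella code: the `DnsGuard` class, the resolver callables and the sample addresses are hypothetical, and the outage sequence is constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class FailMode(Enum):
    OPEN = "fail-open"
    CLOSE = "fail-close"

class ResolverUnreachable(Exception):
    """Raised when the protected (filtering) resolvers cannot be reached."""

@dataclass
class Verdict:
    action: str            # "protected", "unprotected" or "blocked"
    answer: Optional[str]  # resolved address, or None when blocked

class DnsGuard:
    def __init__(self, mode, protected, fallback):
        self.mode = mode
        self.protected = protected  # filtered resolver (hypothetical callable)
        self.fallback = fallback    # unfiltered local resolver (hypothetical callable)
        self.network_changing = False

    def resolve(self, name):
        # Fail-close also blocks DNS while the network state is changing.
        if self.mode is FailMode.CLOSE and self.network_changing:
            return Verdict("blocked", None)
        # Assumption: in fail-open a state change alone is not a failure condition.
        try:
            return Verdict("protected", self.protected(name))
        except ResolverUnreachable:
            if self.mode is FailMode.CLOSE:
                return Verdict("blocked", None)   # security over availability
            # Fail-open: availability wins, the query leaves unfiltered.
            return Verdict("unprotected", self.fallback(name))

def simulate(mode):
    """Replay a constructed outage and return the action taken for each query."""
    state = {"up": True}
    def protected(name):
        if not state["up"]:
            raise ResolverUnreachable(name)
        return "192.0.2.10"            # constructed answer (documentation range)
    guard = DnsGuard(mode, protected, lambda name: "198.51.100.7")
    actions = []
    # (resolvers reachable?, network state changing?) for four consecutive queries
    for up, changing in [(True, False), (True, True), (False, False), (True, False)]:
        state["up"], guard.network_changing = up, changing
        actions.append(guard.resolve("example.test").action)
    return actions
```

The `unprotected` verdicts are the ones worth logging or alerting on in a fail-open deployment, since they mark queries that bypassed filtering.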

@cisco Umbrella
