We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published bySkyla Bryon
Modified over 2 years ago
©2012 Check Point Software Technologies Ltd. Bypass Support Feature Overview August 2012 Threat Prevention Team [Restricted] ONLY for designated groups and individuals
2©2012 Check Point Software Technologies Ltd. Agenda 1 1 Feature Highlights Feature Description 2 2 Installation Overview 3 3 Traffic loss scenarios in case of failure 4 4 [Restricted] ONLY for designated groups and individuals Notes 5 5
3©2012 Check Point Software Technologies Ltd. Project Goals Feature Highlights Providing network bypass capabilities upon software or hardware failure Target Release Date September 30 th 2012, R75.40 on GAIA Related Product IPS DLP APPI, URLF AB & AV Supported Bypass Cards 1GbE Copper, 4 port 1GbE SFP, 4 Port (short and long range) 10GbE SFP+, 2 Port (short and long range) [Restricted] ONLY for designated groups and individuals
4©2012 Check Point Software Technologies Ltd. Feature Description [Restricted] ONLY for designated groups and individuals The internal bypass card is to ensure that network traffic continues to flow if the appliance fails or loses power. This feature is only supported for Gaia in a non-cluster configuration. Bypass Card Architecture The appliance enters Bypass Mode if one of the following occurs: There is a power loss. The appliance is overloaded, it enters bypass mode for at least 1 minute. There is a system failure, it enters bypass mode for at least 5 minutes. The appliance stops responding for 60 seconds.
5©2012 Check Point Software Technologies Ltd. Bypass Card Installation Overview 1. Install the Bypass card in the appliance. 2. Install the R75.40 bypass hotfix on the appliance. 3. Use the Gaia WebUI to enable and configure it. 4. Configure the appliance in SmartDashboard. 5. Install the policy and reboot the appliance. [Restricted] ONLY for designated groups and individuals Specific Installation Instructions will be provided with an SK for this Hotfix.
6©2012 Check Point Software Technologies Ltd. Traffic loss scenarios in case of failure When the Bypass card return from fail-open state, there could be a delay of seconds before the link is re- established. The delay is due to Linux Bridge forwarding mechanism to allow STP Protocol (running on Switches) enough time for listening and learning the network topology and block switch ports in case a loop is identified. This is an expected behavior for Bypass cards solutions. A possible way to reduce the delay is to configure the switches not use auto negotiation. There exist some workarounds for the delay (for example disable STP on the interface ports of your switch or enable Port-fast in spanning tree settings). However, this may cause severe impact to network behavior and should be carefully considered. [Restricted] ONLY for designated groups and individuals
7©2012 Check Point Software Technologies Ltd. Limitations Only for non-clustering Environments. The following features will not be supported: –HTTPS Inspection. –Anti Spam. –Traditional Anti-Virus in proactive mode. –FTP Inspection for DLP SW Blade. –Header Spoofing Protection for IPS SW Blade. If one of the following features is enabled, severe network issues could result. [Restricted] ONLY for designated groups and individuals
8©2012 Check Point Software Technologies Ltd. Notes In order to have access to the machine during bypass state, It is required to use the dedicated management interface on the appliance. [Restricted] ONLY for designated groups and individuals
© 2013 Cisco and/or its affiliates. All rights reserved. 1 Architecture & Solutions Group US Public Sector Advanced Services Mark Stinnette, CCIE Data.
Copyright © 2005 Rockwell Automation, Inc. All rights reserved. Ethernet Switch Features Important to EtherNet/IP.
VMware vCenter Server High Availability Product Support Engineering VMware Confidential.
© 2010 InHand Electronics, Inc. – Troubleshooting Linux Performance and Battery Consumption Issues Dave Stewart Director of Software Engineering.
SIMPLE SOLUTIONS FOR COMPLEX ENVIRONMENTS Presentation Template Version: 4.0 Advanced Maintenance Presentation Node Repair & System Upgrade.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Spanning Tree Protocols PART-II LAN Switching and Wireless – Chapter.
© 2002 Foundry Networks, Inc. Técnicas de Alta Disponibilidade para NAPs Marcelo Molinari – Foundry Networks do Brasil
1 Step-by-Step Guide to Synchronous Volume Replication (Block Based) with Active-Active iSCSI Failover supported by Open-E ® DSS V7 Software.
CAM 5.0 July 2006 CAM – The Power Forward of Storage Management Sun Microsystems, Inc.
1. 2 Layer 2 Switching Switching breaks up large collision domains into smaller ones Collision domain is a network segment with two or more devices sharing.
Version 4.1 CCNA Discovery 2– Chapter 7. Contents 7.1: ISP Services : TCP / IP Protocols 7.2: 7.3: DNS 7.3: 7.4: Application Layer Protocols 7.4.
Point-to-Point Protocol (PPP) In order for any layer 3 protocol to traverse the WAN over a dialup or dedicated link, it must be encapsulated by a data-link.
Introduction to Network Security INFSCI 1075: Network Security Amir Masoumzadeh.
Organization and design of WIS data-communication structure Item 8.2 Expert Team on WIS-GTS Communication Techniques and Structure (ET-CTS) ET-CTS-2 (Tououse,
1 GREY BOX TESTING Web Apps & Networking Session 10 Boris Grinberg
DC-API: Unified API for Desktop Grid Systems Gábor Gombás MTA SZTAKI.
Validation | Slide 1 of 31 August 2006 Validation Supplementary Training Modules on Good Manufacturing Practice WHO Technical Report Series, No. 937, 2006.
What is an Operating System? A program that acts as an intermediary between a user of a computer and the computer hardware. Operating system goals: Execute.
Routers and Routing Basics CCNA 2 Chapter 7.
©Ian Sommerville 2000Dependable systems specification Slide 1 Chapter 17 Critical Systems Specification.
Extended School Year (ESY): Standards Adapted from Region IV Presentation August 28, Slides.
Windows Server 2012: New Features. Administering Servers with Server Manager Using Server Manager, you can: Manage multiple servers from one instance.
1 EIP Book of Knowledge Answer ID /28/2012.
1 Kaspersky CCleaner VerbAce WinRar. 2 About VerbAce 2008 Freeware VerbAce 2008 freeware is a translation software with a Arabic-English-Arabic dictionary.
Whats New in vSphere 5.0? Dan Wofford Staff Systems Engineer - VMware.
Venkatesh Gopalakrishnan Group Program Manager Microsoft Corporation WSV305 Lambert Green Development Lead Microsoft Corporation.
Dynamic Computing & Dynamic Threats Requires Dynamic Security.
©Siebel Systems 2003 – Do not distribute or re-use without permission Implementing Siebel 7 for High Availability Richard Sands Siebel Expert Services.
Safety and Certification Approaches for Ethernet based Aviation Databuses FAA Software Conference – July 2005 Yang-Hang Lee, Arizona State University Philip.
© 2016 SlidePlayer.com Inc. All rights reserved.