IDP250 Installation Guide
Deployment Mode
For each virtual router, you select the deployment mode:
■ Sniffer mode
■ Transparent mode
You can deploy a mix of sniffer and transparent mode virtual routers on the same IDP appliance.
For more information on deployment mode, see the IDP Concepts and Examples Guide.
Internal Bypass
The Internal Bypass setting supports network security policies that privilege availability over security. With internal bypass configured, the interfaces enter an internal bypass state in the event of failure or graceful shutdown. In internal bypass, physical interfaces join mechanically to form a circuit that bypasses IDP processing. For example, if you configure internal bypass for vr0, and the IDP appliance encounters failure or is shut down, eth2 and eth3 join to form a circuit that avoids the IDP engine and forwards the traffic to the next network hop.
Internal bypass operates through a timing mechanism. When enabled, the timer on traffic interfaces counts down to a bypass trigger point. When the IDP appliance is turned on and available, it sends a reset signal to the traffic interface timer so that it does not reach the bypass trigger point. If the IDP operating system encounters failure, then it fails to send the reset signal, the timer counts down to the trigger point, and the traffic interfaces enter a bypass state. If the IDP appliance is shut down gracefully, the traffic interfaces immediately enter bypass.
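The timer behaviour described above, modelled as an added Python example (not part of the original guide and not Juniper code). The tick unit, the `trigger_after` and `reset_every` values, and the event names are assumptions constructed for illustration; the guide does not state real timer values.

```python
from dataclasses import dataclass

@dataclass
class BypassTimer:
    """Countdown timer on a pair of traffic interfaces (e.g. eth2/eth3 for vr0)."""
    trigger_after: int            # ticks without a reset before bypass (assumed value)
    remaining: int = 0
    state: str = "inline"         # "inline": traffic is processed by the IDP engine

    def __post_init__(self):
        self.remaining = self.trigger_after

    def reset(self):
        """Reset signal sent while the IDP appliance is on and available."""
        self.remaining = self.trigger_after

    def graceful_shutdown(self):
        """Graceful shutdown puts the interfaces into bypass immediately."""
        self.state = "bypass"

    def tick(self):
        """One unit of time passes; reaching zero is the bypass trigger point."""
        if self.state == "inline":
            self.remaining -= 1
            if self.remaining <= 0:
                self.state = "bypass"

def bypass_tick(events, trigger_after=5, reset_every=2, duration=30):
    """Return the tick at which the interfaces enter bypass, or None.

    events maps a tick to "os_failure" or "graceful_shutdown" (constructed input).
    """
    timer = BypassTimer(trigger_after)
    os_healthy = True
    for t in range(duration):
        event = events.get(t)
        if event == "os_failure":
            os_healthy = False            # the OS stops sending reset signals
        elif event == "graceful_shutdown":
            timer.graceful_shutdown()
        if os_healthy and t % reset_every == 0:
            timer.reset()
        timer.tick()
        if timer.state == "bypass":
            return t
    return None

if __name__ == "__main__":
    for name, events in [("healthy", {}), ("OS failure at t=7", {7: "os_failure"}),
                         ("graceful shutdown at t=7", {7: "graceful_shutdown"})]:
        print(f"{name}: bypass entered at tick {bypass_tick(events)}")
```

In this model a graceful shutdown enters bypass on the same tick, while an OS failure enters bypass only after the countdown from the last reset runs out, so the delay depends on when that last reset was sent.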