Rockwell Automation Publication 1783-UM010C-EN-P - June 2019 81
Chapter 6
Hardware Bypass
The Stratix® 5950 Security Appliance has hardware bypass relay support
between data port pairs 1&2 (copper/fiber) and 3&4 (on copper only). There
are two instances where a bypass can be triggered.
• Power failure of the system
• The bypass mode is enabled manually through a CLI command
Power Failure of the System
When a power failure occurs, the system hardwires the data ports if you have
configured it to do so. All traffic can pass freely from internal to external ports
and vice versa. Upon power restoration, the system software monitors the
startup progress and disables the bypass only when the system is ready (Firewall and
FirePOWER are ready to process packets). An event can be sent to the
management system to indicate the bypass status after power is restored.
Enable the Hardware Bypass by Using CLI Commands
Once you issue a command, the system immediately enables bypass, and ASA
no longer receives traffic from the paired ports. The Firewall, VPN, and IPS
functions do not take effect until you issue commands to disable bypass. A
critical event is sent to the management system to indicate that no protection is
provided by the system.
The enable sfr boot delay feature is set to on by default. Therefore,
the system disables the bypass when both ASA and SFR modules are ready to
process packets after the system boots.
When power is restored, the system stays in bypass mode if you have specifically
configured it to do so. All traffic can pass from internal to external ports
and vice versa until you manually disable the bypass. An event/trap is sent to
the management system to indicate that the system remains in bypass after
power is restored.
The hardware on the Stratix 5950 security appliance restricts pairing to ports
1&2 or ports 3&4. Port 1 cannot be paired with port 3, for example. The invalid
pairs are (1,3) / (1,4) / (2,3) / (2,4). Valid pairs are (1,2) and (3,4) only.
ASA has CLI commands that allow you to do the following:
• Configure bypass behavior for power failure and power-up conditions
• Enable/disable bypass manually (immediately)
• Check bypass settings and status by show commands
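The bypass behavior described in this chapter can be modeled as a small state machine to see when a port pair carries uninspected traffic and which events the management system should receive. This is an added example, not part of the original publication and not appliance code; the class, field, and event names are hypothetical, and the "down" state is an assumption.

```python
from dataclasses import dataclass

VALID_PAIRS = {(1, 2), (3, 4)}  # per the chapter; any other pairing is invalid

@dataclass
class BypassPair:
    ports: tuple
    bypass_on_power_fail: bool = True  # hypothetical name for the power-fail setting
    stay_after_restore: bool = False   # hypothetical name: hold bypass until manual disable
    powered: bool = True
    ready: bool = True                 # ASA and SFR both ready to process packets
    bypass: bool = False

    def __post_init__(self):
        if tuple(sorted(self.ports)) not in VALID_PAIRS:
            raise ValueError(f"ports {self.ports} cannot be paired in hardware")

    def apply(self, event):
        """Apply one event; return the alert the management system should see, if any."""
        if event == "power_fail":
            # Assumes no manual bypass was active when power was lost.
            self.powered = self.ready = False
            self.bypass = self.bypass_on_power_fail
        elif event == "power_restore":
            self.powered = True
            if self.bypass:
                return ("event/trap: still in bypass after power restore"
                        if self.stay_after_restore else "event: bypass status after power restore")
        elif event == "modules_ready":
            self.ready = True
            if not self.stay_after_restore:
                self.bypass = False  # boot delay on: bypass ends once modules are ready
        elif event == "manual_enable":
            self.bypass = True
            return "critical: no protection provided"
        elif event == "manual_disable":
            self.bypass = False
        else:
            raise ValueError(f"unknown event {event!r}")
        return None

    def traffic(self):
        if self.bypass:
            return "uninspected"  # relay hardwires the pair; firewall/VPN/IPS see nothing
        # Assumption: with no bypass, the pair passes nothing while off or still booting.
        return "inspected" if self.powered and self.ready else "down"

def timeline(pair, events):
    """Return (event, alert, traffic state) after each event, in order."""
    return [(ev, pair.apply(ev), pair.traffic()) for ev in events]
```

Every step whose traffic state is "uninspected" is a window in which the pair forwards traffic with no firewall, VPN, or IPS enforcement, so the matching alert is worth confirming in the management system.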