•
•
•
1. Plug the cable(s) appropriate for use with your QSFP+ or QSFP28 module into port G0/1 (NS9500) of the active NS-series
Sensor.
2. Connect the other end of the cable(s) into port G0/1 (NS9500) of the standby NS-series Sensor.
:
Connect the cables for Sensor Fail-Open
The Fail-Open Kits minimize the potential risks of in-line Sensor failure on critical network links. You need to purchase these kits
separately. Both copper and optical versions of the kit are available for the one-gigabit ports. The standard Gigabit Fail-Open Kits,
10 Gigabit Fail-Open Kits and 40 Gigabit Fail-open Kits are available for the 1, 10, and 40 gigabit ports respectively.
The Monitoring ports of the Sensors can be fail-close; thus, if the Sensor is deployed in-line fail-close, a hardware failure results
in network downtime. Except the built-in RJ-45 ports which come with built-in fail-open functionality, you use either the optional
Trellix's 4-port 1/10 Gigabit Modular Passive Fail-Open kit or external bypass switch provided in an Active Fail-Open Kit for the
Monitoring ports to fail-open.
While the Sensor is operating, the Active Fail-Open kit is in-line and routes all trac directly through the Sensor. When the Sensor
fails, the switch automatically shifts to a bypass state; in-line trac continues to ow through the network link but is no longer
routed through the Sensor. After the Sensor resumes normal operation, the switch returns to the "on" state, enabling in-line
monitoring once again.
Sensor outage breaks the link connecting the devices on either side of the Sensor for a brief moment and requires the
renegotiation of the network link between the two peer devices connected to the Sensor. Depending on the network
equipment, this disruption introduced by the renegotiation of the link layer between the two peer devices might range from a
couple of seconds to more than a minute with certain vendors' devices.
A very brief link disruption might also occur while the links between the Sensor and each of the peer devices are renegotiated
to place the Sensor back in in-line mode. This outage, again, varies depending on the device, and can range from a few
seconds to more than a minute.
The performance of the switchover from in-line to bypass and vice versa varies depending on the vendor.
You can nd the installation and troubleshooting instructions for the kit in the guide that accompanies the kit. For example, for
more information on the Optical kits, see the following guides:
1 Gigabit Optical Active Fail-Open Bypass Kit Guide
10 Gigabit Optical Active Fail-Open Bypass Kit Guide
40 Gigabit Optical Active Fail-Open Bypass Kit Guide
| NS9500 Sensors1
Trellix Intrusion Prevention System NS-series Sensor Product Guide
45
Caution
Caution