Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
609
Views
6
Helpful
9
Replies

IPS 4240 - power fail situation

egain.com
Level 1
Level 1

‎07-27-2006 11:28 AM - edited ‎03-10-2019 03:08 AM

hi

If IPS 4240 is configured in IN-line mode and if its power supply fails, will it still keep network continuity up and pass the network traffic thr' it?

thanks

regards

Rakesh

======

Labels:
0 Helpful
9 Replies 9

DFiore
Level 1
Level 1

‎07-28-2006 08:02 AM

Rakesh,

No, it will not pass any traffic if it's in-line and the power fails. It becomes its own DoS for your network.

This is why Cisco recommends fault tolerant configs or a network bypass switch in case an IPS fails. Info on the bypass switch is at http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html ---

Look for the "Fail-Safe Bypass Solution" toward the middle of the page.

Hope this helps?

egain.com
Level 1
Level 1
In response to DFiore

‎07-28-2006 10:01 AM

Thanks both of you.

What will be the reasons of not counting SM0240 switch (shore Microsystem) as single point of failure?

regards

Rakesh

=====

0 Helpful

DFiore
Level 1
Level 1
In response to egain.com

‎07-28-2006 11:43 AM

No reason at all. The bypass switch IS a single point of failure as well. Shore Micro has a solution to this in buying their more robust switch with extra power supplies and extra interfaces... But remember, you can take the single point of failure analysis to extreams-- the UPS, the rack, subsystem in the data center, etc., etc.

0 Helpful

egain.com
Level 1
Level 1
In response to DFiore

‎07-28-2006 02:04 PM

Agreed. I was trying to collect good reasons to tell our customers and make them agreed to.!.thanks for the reply.

regards

Rakesh

======

0 Helpful

mhellman
Level 7
Level 7
In response to egain.com

‎07-31-2006 06:24 AM

It is not a single point of failure, certainly not in the sense that the IPS is. If the power fails on the bypass switch, it will function just like a wire. This was confirmed by a Cisco engineer in a previous discussion:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dda5a1e/13#selected_message

0 Helpful

egain.com
Level 1
Level 1
In response to mhellman

‎07-31-2006 09:21 AM

This is good to know. thanks for checking this out.

regards

Rakesh

=====

0 Helpful

DFiore
Level 1
Level 1
In response to mhellman

‎08-01-2006 10:31 AM

Sorry Matt, my bad... I forgot the bypass switch becomes a wire when it looses power. At that point it shunts all traffic around (not thru) the IPS... Is this right?

0 Helpful

mhellman
Level 7
Level 7
In response to DFiore

‎08-01-2006 10:52 AM

That's a good question actually. I don't know much more than what marcabal said. All our sensors are passive. It seems like that would make the most sense though.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card