Bypass traffic on overload

You can configure the IPS engine to bypass traffic when the traffic load becomes too high.

By default, IPS engines inspect all connections. If the traffic load is too high for the IPS engine to inspect all connections, IPS engines can dynamically reduce the number of inspected connections. This reduction can improve performance in evaluation environments, but some traffic might pass through without any access control or inspection.

CAUTION:
Using bypass mode requires a fail-open network interface card. If the ports that represent the interfaces cannot fail open, policy installation fails on the engine. Bypass mode is not compatible with VLAN retagging. In network environments where VLAN retagging is used, normal mode is automatically enforced.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the IPS engine and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, select Advanced Settings.
  3. Select Bypass Traffic on Overload.
  4. Click Save.

Next steps

Bind engine licenses to IPS elements.