Bypass traffic on overload on Firewall Clusters

You can configure the Firewall Cluster to bypass traffic when the traffic load becomes too high.

By default, Firewall Clusters inspect all connections. If the traffic load is too high for the Firewall Cluster to inspect all connections, the Firewall Cluster can dynamically reduce the number of inspected connections. This reduction can improve performance in evaluation environments, but some traffic might pass through without any access control or inspection.

CAUTION:
Using bypass mode requires a fail-open network interface card. If the ports that represent the interfaces cannot fail open, policy installation fails on the engine. Bypass mode is not compatible with VLAN retagging. In network environments where VLAN retagging is used, normal mode is automatically enforced.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Firewall Cluster and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, select General > Layer 2 Settings.
  3. Select Bypass Traffic on Overload.
  4. Click Save.
    Do not close the Engine Editor.

Next steps

Continue the configuration in one of the following ways:
  • Add other types of layer 2 interfaces.
  • Select system communication roles for interfaces.
  • Bind engine licenses to Firewall Cluster elements.