Bypass traffic on overload on Firewall Clusters
You can configure the Firewall Cluster to bypass traffic when the traffic load becomes too high.
By default, Firewall Clusters inspect all connections. If the traffic load is too high for the Firewall Cluster to inspect all connections, the Firewall Cluster can dynamically reduce the number of inspected connections. This reduction can improve performance in evaluation environments, but some traffic might pass through without any access control or inspection.
CAUTION:
Using bypass mode requires a fail-open network interface card. If the ports that represent the interfaces cannot fail
open, policy installation fails on the engine. Bypass mode is not compatible with VLAN retagging. In network environments where VLAN
retagging is used, normal mode is automatically enforced.
For more details about the product and how to configure features, click Help or press F1.
Steps
Next steps
- Add other types of layer 2 interfaces.
- Select system communication roles for interfaces.
- Bind engine licenses to Firewall Cluster elements.