By Jerry Dillard, inventor of the Bypass TAP
DEPLOYMENTBYPASSGUIDEFORINLINESECURITY SecuritySimplifyingReliabilityInlineforBestArchitectureNetworkPracticesImprovingToolandtheStack
BYPASS DEPLOYMENT GUIDE FOR INLINE SECURITY Network Architecture Best Practices for Improving Inline Tool Reliability and Simplifying the Security Stack TABLE OF CONTENTS INTRODUCTION: By Jerry Dillard, CTO / Co-Founder of Garland Technology IMPROVEOVERVIEWINLINE TOOL RELIABILITY 1G Network 1-to-1 Tool Deployments 1G or 10G Network 1-to-1 Tool Deployments 40G Network 1-to-1 Tool Deployments 100G Network 1-to-1 Tool Deployments SIMPLIFY THE SECURITY STACK 1G Network Multiple Tool Deployments 1G or 10G Network Multiple Tool Deployments Before and After: Historical Look-Back Manage Multiple tools Advanced Load Balancing Tool Chaining High Availability (HA) Deployments 1G, 10G or 40G Network Multiple Tool Deployments Before and After: Historical Look-Back Manage Multiple tools Advanced Load Balancing Use Case Tool Chaining Tool Chaining + Load Balancing High Availability (HA) Deployments CONCLUSION 3 | 4 | 6 | 8 | 9 | 12 | 13 | 14 | 16 | 17 | 18 | 18 | 19 | 20 | 20 | 21 | 22 | 22 | 23 | 24 | 25 | 25 | 26 | 28 |
Chris Bihary, Garland’s CEO and Co-Founder, and I recognize how critical network uptime and availability are for the financial industry, healthcare, insurance, manufacturing, and critical infrastructure. We made the decision early on that we wanted to develop an industry-leading product line of inline bypass TAP products that could solve network downtime. Then as the security tool market exploded, we are also helping to simplify the modern security stack by managing multiple tools with this same reliability. This Inline Bypass Guide is designed to review the various deployment use cases for Garland Technology’s EdgeSafe Bypass TAPs and EdgeLens Inline Security Packet Brokers, and how teams can utilize them to safeguard their networks from downtime.
-Jerry Dillard, CTO / Co-Founder of Garland Technology
INTRODUCTION
3GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Bypass technology is used to manage the availability of active inline security tools like intrusion protection systems (IPS), web application firewalls (WAF), and firewalls. Inline Bypass TAPs are an external device that allows IT teams to incorporate bypass technology to sandbox, deploy, troubleshoot, and replace an inline device without taking the network offline. This ensures reliability and resilience for critical links in a network that cannot afford downtime. I developed ‘bypass technology’ in 2001 as an engineer for an early IPS vendor. In the early days of active blocking tools, there was one nagging issue – a failure of the inline appliance would immediately cause a complete shutdown of a client’s network. So I was tasked with finding a solution that would ensure the inline tool wouldn’t create a single point of failure (SPOF) in the network. Knowing that loss of time and money was unacceptable, I designed the network bypass TAP. This elegant solution continuously checked the health of the device and ensured the integrity of traffic flows regardless of their condition. This is now used worldwide as “inline bypass” or “bypass technology” and is incorporated into active inline tools and inline Bypass TAPs.
4GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Expedited problem resolution: If your inline tool goes offline for any reason creating unplanned downtime – “Operational isolation” affords time to resolve the issue while the network is still up and running while the inline tool is ‘bypassed,’ to troubleshoot or replace.
WHY ARCHITECTS USE BYPASS TAPS OVERVIEW
No maintenance windows: Instead of scheduling off-hour maintenance, Bypass TAPs provide “administrative isolation” allowing teams to effectively manage the devices through sandbox, deployment, updates, and troubleshooting – bringing the tool out-of-band without taking the network link down.
Bypass TAPs offers architects and engineers unique benefits like: End risk of downtime: In the event the inline tool becomes unavailable, the traffic is automatically routed around the failed tool or triggers a failover solution. This prevents inline tools from being a single point of failure, keeping the network up.
The goal of real-time prevention is to actively analyze network traffic to detect and prevent vulnerability exploits and attacks. This is accomplished using tools like WAF, IPS, SSL Decryption, and firewalls that sit inline, meaning they are actively blocking threats as traffic passes through them on critical links at the edge or perimeter of the network. This is unlike passive monitoring solutions that analyze out-of-band production network traffic. As important as these tools are to protect the network – both failure and maintenance of these devices become just as important for network and business availability. And because they sit in the stream of traffic, the deployment, management, failure response and replacement of these devices must be planned out in advance to ensure network continuity and Thatavailability.iswhyarchitects rely on external bypass TAPs (also referred to as a bypass switch) as an industry best practice to resolve the issue of these inline tools causing a single point of failure (SPOF) in the network, which can lead to network downtime and a possible security lapse.
Tool Sandbox: Easily pilot or deploy new tools with live out-of- band network data to ensure filters and rules are properly set before pushing the tool inline.
INLINE BYPASS BEST PRACTICES
2. Simplify the security stack. Managing multiple inline and out-of-band tools through integrated Inline Bypass TAP/packet brokers reduces network complexity while providing added reliability and visibility.
For some, an external bypass TAP may seem overkill or unnecessary. Many times the concept of internal bypass sounds reasonable – it’s already in the tool, why add additional hardware? But in practice, it is either not available for specific speeds or requires additional license fees that increase TCO (Total cost of ownership) over time. Also, in the most common scenario, internal bypass does not suit highly critical networks seen in financial and healthcare industries where unplanned downtime is not an option. Click to Read Tech Article.
This guide reviews the two (2) core best practices to consider when deploying inline security tools and use case scenarios on how to deploy and utilize the benefits of Bypass TAPs in your network.
1. Improve inline tool reliability. 1-to-1 External Bypass TAP deployments ensure complete reliability and availability.
Note: For a complete overview of how Inline Bypass and failsafe technologies work, please refer to our 3 Keys to Network Resiliency guide. Click to Read White Paper
INTERNAL BYPASS VS EXTERNAL BYPASS
5GarlandTechnology.com | Bypass Deployment Guide for Inline Security
IMPROVE INLINE TOOL RELIABILITY
Note: Most of the top inline tool vendors like McAfee, Palo Alto Networks, CheckPoint, and Cisco recognize and support the importance of Bypass TAP deployments with their devices.
This diagram illustrates basic enterprise topology and how a bypass TAP is paired with the various active inline tools in the network to ensure reliability.
1-to-1 inline tool deployment paired with an external Bypass TAP is the first best practice for improving tool reliability by externally managing the availability. Ensuring each inline device deployed on a critical link doesn’t bring the network down, is a basic building block.
BEST PRACTICE #1
6GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Reliability and redundancy are considered the foundation for modern cybersecurity architectures: Build through reliability, reduce single points of failure opportunities, and ensure redundant failover options.
Every active inline tool should be installed with a Bypass TAP between the live network and the security device. This provides full lifecycle management of the inline device to sandbox, deploy, troubleshoot, and replace the inline device.
DEPLOYING AND MANAGING YOUR INLINE APPLIANCE
In the tense moments of unplanned downtime, a bypass TAP provides expedited problem resolution in the event of a tool failure. With the flexibility to bypass the tool, allowing a team to troubleshoot or replace the tool, then to test and validate before pushing the tool back inline for active blocking without taking the network down.
FAILURE & TROUBLESHOOTING
Having a bypass TAP in place allows teams to easily take tools out-of-band for updates, install patches, perform maintenance, troubleshoot or to optimize and validate through various modes on the network TAP, without taking the network down.
7GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Inline bypass mode continuously monitors the health of the device through heartbeat packets that are passed back and forth between the TAP and the inline tool through the live traffic. If the health of the inline tool doesn’t respond, this triggers failsafe to automatically ‘bypass’ the device to keep the live network up. Out-of-band Tap ‘Breakout’ allows you to take the tap from inline to out-of-band to troubleshoot or perform maintenance while keeping the live network link-up. Sandbox and deploy new tools, first providing copies of live network traffic to optimize, test, and validate before pushing the tool inline for active blocking.
INLINE LIFECYCLE MANAGEMENT
SANDBOX DEPLOYMENT
MAINTENANCE & UPDATES
Easily take the tool from inline to out-of-band to perform maintenance or updates, providing copies of live network traffic to update, optimize, test, and validate before pushing the tool inline for active blocking.
8GarlandTechnology.com | Bypass Deployment Guide for Inline Security 1G NETWORK 1-TO-1 TOOL DEPLOYMENTS For 1Gbps networks, there are two external Bypass TAP options, the EdgeSafeTM: 1G Bypass Modular Network TAP and the EdgeSafeTM: Bypass Network TAP. This diagram shows the 1U EdgeSafe: 1G Modular Bypass TAP with 2 out of the 4 bypass TAPs managing an inline tool. This diagram shows the 2U EdgeSafe: 1G Modular Bypass TAP with 2 out of the 12 bypass TAPs managing an inline tool. EdgeSafe: 1G Bypass Modular Network TAP 1G | 1U or 2U Modular Bypass TAPs | Up to 12 Inline Bypass | Failsafe This 1G modular Bypass TAP is designed for 1-to-1 inline deployments, ensuring tool reliability, and is available in a 1U chassis with up to 4 individual bypass TAPs and a 2U chassis with up to 12 individual bypass TAPs with dual redundant power and simple easy to use GUI management. M1GSSBPM1GSCBPM1GMCBPM1GCSBPM1GCCBPM1GCM1G2DCEM1G2ACEM1G1DCEM1G1ACE edgesafe-1g-bypass-modular-network-taphttps://www.garlandtechnology.com/products/ Model #s 1G HA EdgeSafeTM Bypass IPS WAF
EdgeSafe:
products/edgesafe-bypass-network-taphttps://www.garlandtechnology.com/ Model #s
P1GCCBPP1GSSBPEP1GSCBPEP1GMSBPEP1GMCBPEP1GCSBPEP1GCCBPEP10GSSBPEP10GMSBPE
This diagram shows the EdgeSafe: Bypass TAP managing an inline tool. Bypass TAP 1G/10G | Portable Bypass TAP | Inline Bypass | Failsafe
This 1G/10G portable Bypass TAP is designed for 1-to-1 inline deployments, ensuring tool reliability and can be used as a stand-alone device or can be rack-mounted to house 4 individual bypass TAPs in a 1U, each with dual redundant power and simple easy to use GUI management.
9GarlandTechnology.com | Bypass Deployment Guide for Inline Security 1G OR 10G NETWORK 1-TO-1 TOOL DEPLOYMENTS
Easy Drag and Drop GUI Garland’s easy-to-use GUI allows the flexibility to manage each tool, configure heartbeat packets, tap modes, and settings.
This EdgeSafe: Bypass TAP model offers exclusive bypass filtering features, designed to improve inline cybersecurity tool performance. This unique bypass TAP has the capability to filter traffic to actively analyze only the traffic that needs to be monitored. A specific use case that standard bypass TAPs or switches in the industry can not accomplish –unless paired with a packet broker. This filtering capability allows SecOp teams to easily manage the availability of inline security tools, while only passing filtered traffic, like specific IP addresses, to actively secure only what you want to see. Another use case for this feature is to relieve the processing burden for an inline tool. This extends the life of the tools and saves the budget. For example, instead of relying on a decryption tool to filter traffic and decrypt/encrypt traffic, only send specific encrypted traffic to be inspected using a filtering Bypass TAP. Allowing the tool to focus its processing power on its core function.
10GarlandTechnology.com | Bypass Deployment Guide for Inline Security
ONLY SECURE WHAT YOU WANT TO SEE
Multi-use: The EdgeSafe Bypass allows you to not only manage and filter the availability of inline tools as a Bypass TAP but also provides the ability as a Network TAP to tap full-duplex links and send filtered traffic to out-of-band listen-only monitoring tools. Only send what you want to see.
5. A filter is created to pass a copy of the pink traffic to the monitor tool through Port 4
Ingress in Network Port 1 from the network
2. A filter is created to pass the orange and green traffic to the inline tool through monitor port 3
4. Pink and magenta traffic Ingress in Network Port 2 from the network
6. The pink and magenta traffic is passed to Network Port 1 and egressed, without magenta going to the tool Result (7): The out-of-band tool is monitoring the orange traffic from Port 1 and the pink traffic from Port 2 Inline Bypass Filtering Out-of-band TAP Filtering IT WORKS
HOW
Result: The inline tool is actively monitoring the orange and green traffic from port 1 and the pink from port 2
11GarlandTechnology.com | Bypass Deployment Guide for Inline Security
7. Heartbeat packets (darker pink) are passed between port 3 and port 4 and the inline tool to check the connectivity health of the tool
1. Blue, orange, yellow, green, and purple traffic
3. The blue, orange and green traffic is passed to Network Port 2 and egressed, without blue and green traffic going to the tool
1. Blue, orange, and green traffic Ingress in Network Port 1 from the network 2. A filter is created to pass a copy of the orange traffic to the monitor tool through Monitor Port 3 and Port 4
3. The blue, yellow, and purple traffic is passed on to network port 2 and egressed, without going through the inline tool 4. Pink and magenta traffic Ingress in network port 2 from the network 5. A filter is created to pass the pink traffic to the inline tool through monitor port 4 6. The magenta traffic is passed to network port 1 and egressed, without going through the inline tool
12GarlandTechnology.com | Bypass Deployment Guide for Inline Security 40G NETWORK 1-TO-1 TOOL DEPLOYMENTS This diagram shows the EdgeSafe: 40G Modular Bypass TAP with 2 out of the 3 bypass TAPs managing an inline tool. EdgeSafe: 40G Bypass Modular Network TAP 40G/10G | 1U Modular Bypass TAPs | Up to 3 40G Inline Bypass or 6 10G Inline Bypass | Failsafe This 40G modular Bypass TAP is designed for 1-to-1 inline deployments, ensuring tool reliability, and is available in a 1U chassis with 3 individual bypass TAPs with dual redundant power and simple easy to use GUI management. M10GSS2BPM10GMS2BPM40GSSBPM40GMSBPM40G1AC bypass-modular-network-tapcom/products/edgesafe-40g-https://www.garlandtechnology. Model #s
13GarlandTechnology.com | Bypass Deployment Guide for Inline Security 100G NETWORK 1-TO-1 TOOL DEPLOYMENTS This diagram shows the EdgeSafe: 100G Modular Bypass TAP with 2 bypass TAPs managing an inline tool. EdgeSafe: 100G Bypass Modular Network TAP 100G | 1U Modular Bypass TAPs | Up to 2 100G Inline Bypass | Failsafe This 100G modular Bypass TAP is designed for 1-to-1 inline deployments, ensuring tool reliability and is available in a 1U chassis with 2 individual bypass TAPs, with dual redundant power and simple easy to use GUI management. M100GSR10BPM100GLR4BPM100GSR4BPM100G1DCM100G1AC edgesafe-100g-bypass-modular-network-taphttps://www.garlandtechnology.com/products/ Model #s
14GarlandTechnology.com | Bypass Deployment Guide for Inline Security
The second inline bypass best practice is to ‘simplify the security stack’ by managing multiple inline and out-of-band tool deployments together.
This diagram illustrates how complicated enterprise security stack architecture can be today. Incorporating the many inline tools and out-of-band monitoring tools that are needed creates complex challenges for management, as well as reliability challenges by introducing many vulnerabilities for single points of failure (SPOF).
BEST PRACTICE #2
As the number of cybersecurity tools have grown, architecting and managing this has become a significant IT challenge.
Like an external Bypass deployment, install an Integrated Bypass TAP (also referred to as an inline security packet broker) between the live network and the inline security appliances. This provides full lifecycle management of the inline device to sandbox, deploy, troubleshoot, and replace the inline device.
SIMPLIFY THE SECURITY STACK
Some vendors accomplish this by deploying external bypass TAPs paired with network packet brokers. Garland integrates the Bypass TAP and packet broker in one elegant solution, providing unique capabilities and reliability, including tool chaining, load balancing, and high availability (HA).
15GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Utilizing an EdgeLens Inline Security Packet Broker helps reduce those challenges by managing both inline and out-of-band tools from one access point, reducing complexity and SPOFs, while ensuring complete packet visibility.
Instead of relying on switch SPAN or external network TAPs for the various monitoring tools like Intrusion detection systems (IDS), forensics, threat hunting, packet capture, storage, and network detection and responses tools (NDR), that are placed around the network. You can now enjoy full packet visibility and ensure no dropped packets through unreliable SPAN or introducing additional SPOFs. This also reduces the number of security and performance tools needed, as you can aggregate and optimize traffic.
Garland Technology’s Inline Security Packet Broker options are available in 1G, 10G, 40G, (100G available early 2022) with 1U half-rack and 1U form factors.
1G NETWORK MULTIPLE TOOL DEPLOYMENTS
INT1G8MCBPINT1G8SCBPINT1G8CCBP network-tapproducts/edgesafe-integrated-bypass-https://www.garlandtechnology.com/ Model #s
For 1Gbps network links you have three integrated bypass TAP options: the EdgeSafe: Integrated Bypass Network TAP, the EdgeLens® Focus Inline Security Packet Broker or the EdgeLens Inline Security Packet Broker. This diagram shows the EdgeSafe: Integrated Bypass TAP managing an active and standby inline tool deployment, with the option to send out-of-band tap traffic visibility to a monitoring tool. EdgeSafe: Integrated Bypass Network TAP 1G | 1U Bypass TAP | 8 Ports | Inline Bypass | Failsafe
This 1G integrated Bypass TAP is designed to ensure tool reliability and simplify tool deployment, providing the ability to manage a High Availability (HA) active / standby deployment of two inline tools and send out-of-band TAP traffic to another monitoring tool.
16GarlandTechnology.com | Bypass Deployment Guide for Inline Security
The EdgeSafe: Integrated Bypass Network TAP is available in a 1U form factor, with dual redundant power.
1G OR 10G NETWORK MULTIPLE TOOL DEPLOYMENTS
The EdgeLens Focus has one bypass TAP and 10 packet broker ports and is available in a 1U ½ rack form factor, with dual redundant power and simple easy to use GUI management. As enterprise networks advanced beyond the edge of the network, this small 1/2 rack form factor allows teams to bring advanced inline and packet broker functionality to remote locations.
1G/10G | 1U 1/2 Inline Security Packet Broker | 1 Bypass TAP and 10 Monitoring Ports | Inline Bypass | Failsafe
This diagram shows the EdgeLens Focus managing the availability for an inline tool from one network link, with room to add additional inline or out-of-band monitoring tools with future growth.
This innovative 1G/10G integrated Bypass TAP is designed to ensure tool reliability and simplify tool deployment, providing the ability to manage High Availability (HA) active / standby deployments of two inline tools, and send out-of-band TAP traffic paired with packet broker functionality of filtering, load balancing and aggregation to multiple monitoring tools.
EdgeLens® Focus Inline Security Packet Broker
INT10G12ESBPINT10G12SSBPINT10G12MSBP network-packet-broker/products/edgelens-focus-inlinesecurity-https://www.garlandtechnology.com #s inline tool reliability
Model
INLINE BYPASS Improve
17GarlandTechnology.com | Bypass Deployment Guide for Inline Security
This diagram illustrates how the EdgeLens Focus provides the ability to send out-of-band tap traffic visibility to packet capture and storage and forensics tools – before and after the inline tool. This allows engineers to analyze packet data on both sides of the inline device to ensure optimal performance to validate any updates or troubleshoot why threats may have been missed.
Optimize and validate inline tool performance.
HISTORICAL LOOK-BACK
Simplify the security stack with inline bypass reliability and out-of-band visibility.
This diagram shows the EdgeLens Focus managing the availability for multiple inline tools and the option to send out-of-band tap traffic visibility paired with packet broker functionality of filtering, load balancing and aggregation to multiple monitoring tools.
MANAGE MULTIPLE TOOLS
BEFORE AND AFTER
18GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Improve inline tool reliability and overcome bandwidth growth.
This diagram shows the EdgeLens Focus providing the ability to load balance 4 active inline tools for a network link. This ensures redundancy in the face of inline tool failures or maintenance, extending the life of lower speed tools.
ADVANCED LOAD BALANCING
19GarlandTechnology.com | Bypass Deployment Guide for Inline Security
Combine the power of multiple inline tools for robust security.
TOOL CHAINING
The EdgeLens Focus provides the ability to chain multiple inline tools from 1 tapped link, allowing you to utilize decryption/encryption tools in combination with your IPS and WAF tools from one access point.
This diagram shows the EdgeLens Focus managing an active and standby inline tool deployment.
HIGH AVAILABILITY (HA) DEPLOYMENTS
Provide redundant inline tool reliability.
20GarlandTechnology.com | Bypass Deployment Guide for Inline Security
INT40G2LR44INT40G2SR44INT10G85R56INT10G8LR56 security-network-packet-brokercom/products/edgelens-inline-https://www.garlandtechnology. Model #s BYPASS inline tool reliability
INLINE
21GarlandTechnology.com | Bypass Deployment Guide for Inline Security 1G, 10G OR 40G NETWORK MULTIPLE TOOL DEPLOYMENTS
Packet Broker 1G/10G/40G | 1U
This industry-leading 1G/10G/40G inline security packet broker is designed to ensure tool reliability and simplify tool deployment, providing the ability to manage High Availability (HA) active / standby deployments of two inline tools, and send out-of-band TAP traffic paired with packet broker functionality of filtering, load balancing and aggregation to multiple monitoring tools.
| Failsafe
Inline
This diagram shows the EdgeLens managing the availability for an inline tool from 1 to 4 network links, with room to add additional inline or out-of-band monitoring tools with future growth.
EdgeLens Security Inline Security Packet Broker 4 Bypass TAP and 32 SFP+ and 4 QSFP+ Monitoring Ports Inline Bypass
The EdgeLens has four bypass TAPs and 36 high-density packet broker ports in a 1U form factor, with dual redundant power and simple easy to use GUI management.
|
Improve
|
BEFORE
22GarlandTechnology.com | Bypass Deployment Guide for Inline Security
This diagram illustrates how the EdgeLens provides the ability to send out-of-band tap traffic visibility to packet capture and storage and forensics tools – before and after the inline tool. This allows engineers to analyze packet data on both sides of the inline device to ensure optimal performance to validate any updates or troubleshoot why threats may have been missed.
MANAGE MULTIPLE TOOLS
Optimize and validate inline tool performance.
HISTORICAL LOOK-BACK AND AFTER Simplify the security stack with inline bypass reliability and out-of-band visibility.
This diagram shows the EdgeLens tapping 4 links and managing the availability for many inline tools and the option to send out-of-band tap traffic visibility paired with packet broker functionality of filtering, load balancing, and aggregation to many monitoring tools.
23GarlandTechnology.com | Bypass Deployment Guide for Inline Security Improve inline tool reliability and overcome bandwidth growth.
ADVANCED LOAD BALANCING
This diagram shows the EdgeLens providing the ability to load balance 4 active inline tools for 4 separate network links, effectively managing the availability of up to 16 inline tools. This scales redundancy in the face of inline tool failures or maintenance, extending the life of lower-speed tools.
24GarlandTechnology.com | Bypass Deployment Guide for Inline Security
USE CASE
This diagram shows the EdgeLens load balancing 4 active inline tools on a 6G network link. Each of the IPS devices can only support 2G (2G each = 8G total) to secure the link. The traffic is balanced between all 4 devices to support the traffic.
Garland’s easy-to-use GUI allows the flexibility to manage each tool individually, and manage load balancing groups and settings. Easily set load balancing thresholds on each device to trigger after 1, 2, 3, or 4 tools are offline to trigger failsafe and bypass the tools.
If one of the IPASs goes offline, through failure or for planned maintenance, the traffic will automatically calibrate and load balance to the other 3 tools. When the device is added back, the traffic will auto reconfigure to balance the traffic to all 4 devices.
Easy Drag and Drop GUI
Combine the power of multiple inline tools with redundancy.
Garland’s exclusive design allows architects to now load balance up to 4 tools for each device in the chain, providing the ultimate redundancy combined with hardware-based inline tools chaining.
25GarlandTechnology.com | Bypass Deployment Guide for Inline Security
TOOL CHAINING TOOL CHAINING + LOAD BALANCING
Garland’s easy-to-use GUI allows the flexibility to manage each tool element, and manage load balancing and settings for each device. Easily set and manage the number of inline tools in the chain and load balancing group.
Combine the power of multiple inline tools for robust security.
The EdgeLens provides the ability to chain multiple inline tools from 1-4 tapped links, allowing you to utilize decryption/encryption tools in combination with your IPS and WAF tools from one access point.
Easy Drag and Drop GUI
diagram
the EdgeLens managing an active and standby inline tool deployment.
26GarlandTechnology.com | Bypass Deployment Guide for Inline Security Provide redundant inline tool reliability. HIGH AVAILABILITY (HA) DEPLOYMENTS
ACTIVE / STANDBY HA
When a primary inline security tool goes down, traffic automatically switches to a secondary device.
This shows
diagram
This shows
the EdgeLens managing up to 4 active / standby inline tool deployments.
ACTIVE / ACTIVE ‘CROSSFIRE’ HA When a primary inline security tool goes down, traffic automatically switches to a secondary device or redundant link.
This diagram shows the EdgeLens deployed with two redundant links, combining the power of active/ secondary redundancy with redundant link failover for the ultimate failover scenario if either device fails.
Easy Drag and Drop GUI Garland’s easy-to-use GUI allows the flexibility to manage each tool individually, and manage Primary and Secondary settings.
27GarlandTechnology.com | Bypass Deployment Guide for Inline Security
SETTING YOURSELF UP FOR INLINE DEPLOYMENT SUCCESS Looking to add a bypass solution to your inline security tool deployment, but not sure where to start? Join our engineers for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do. For more info, please visit: garlandtechnology.com/design-it As teams face the challenge of ensuring reliability and availability for their companies, utilizing Bypass TAPs with inline tools will not only increase the reliability of the network but will also provide the functionality to expedite troubleshooting and shorten maintenance windows. Incorporating Integrated Bypass TAPs streamline and simplify active inline security and out-of-band monitoring tools while ensuring reliability and availability needed for business continuity. CONCLUSION ©2021 Garland Technology LLC. All Rights Reserved
