
A lack of reported errors or congestion through the TSE does not guarantee that the components receive correct and error-free traffic. The INHA monitors the TSE for several points of failure and applies failure detection logic against the system. All components for the INHA are checked for failure. The TPS device performs the following checks to detect a failed condition and trigger a Layer-2 Fallback:

 

Check back-pressure: The presence of back-pressure indicates that packets are queued for processing. Failure is indicated if those packets are not processed.
Determine traffic requirements: Detecting a failed TSE is more difficult if the TPS does not pass traffic. For the best TSE failure detection, a minimum traffic rate must pass through the device.
Handle the non-atomic nature of the data path: Packets pass through each component at different times and rates, and each component's status is determined independently. INHA uses sampling to determine if the TSE is healthy.
Check and transmit the inbound receive counters: Each component has receive counters that are incremented by packets received from the previous component. The component transmits these counters incremented as packets to the next component. These counters are the most accurate and complicated way to detect TSE health.
Dropped packets exceed the threshold: If too many packets awaiting deep inspection are queued up, packets will be dropped.
Memory lows: Available system memory is too low for proper operation.
Various chipset errors: Represents possible hardware problems.


Each component also has a specific set of functions for failure checking. You can view and configure the Layer-2 Fallback behavior for each segment from the Network Segments page (Network > Segments). The default setting for each segment is to permit all traffic. Service providers usually prefer this setting because it prevents a device outage from becoming a network outage. However, for greater security, you may want to change the default Layer-2 Fallback setting to block all to guarantee that no uninspected traffic enters the network. You can view and manually change the current INHA state (normal or Layer-2 Fallback) from the High Availability menu page (System > High Availability).
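
A simplified model of the sampling-based checks listed above and of the permit/block fallback choice, added here as an illustration; it is not TippingPoint's implementation. The counter names, the thresholds and the three-sample rule are assumptions, since the page gives no values.

```python
from dataclasses import dataclass

# All names and thresholds below are hypothetical; the page gives no values.
MIN_RX_PER_SAMPLE = 100   # below this, too little traffic to judge health
DROP_THRESHOLD = 50       # dropped packets per sample treated as a failure
STALL_SAMPLES = 3         # consecutive bad samples before falling back

@dataclass
class Sample:
    """One periodic reading of a component's counters (constructed model)."""
    rx: int       # cumulative packets received from the previous component
    tx: int       # cumulative packets handed to the next component
    queued: int   # packets waiting for inspection (back-pressure)
    dropped: int  # cumulative packets dropped from the inspection queue

def classify(prev: Sample, cur: Sample) -> str:
    """Compare two consecutive samples: 'ok', 'bad' or 'unknown'."""
    rx, tx = cur.rx - prev.rx, cur.tx - prev.tx
    if cur.dropped - prev.dropped > DROP_THRESHOLD:
        return "bad"       # drop threshold exceeded
    if cur.queued > 0 and tx == 0:
        return "bad"       # back-pressure present but nothing was processed
    if rx < MIN_RX_PER_SAMPLE:
        return "unknown"   # not enough traffic to decide either way
    return "ok"

def evaluate(samples: list[Sample], fallback_action: str = "permit") -> str:
    """Return 'normal', 'fallback-permit' or 'fallback-block'."""
    streak = 0
    for prev, cur in zip(samples, samples[1:]):
        verdict = classify(prev, cur)
        if verdict == "bad":
            streak += 1
        elif verdict == "ok":
            streak = 0     # 'unknown' neither confirms nor clears a stall
        if streak >= STALL_SAMPLES:
            return f"fallback-{fallback_action}"
    return "normal"

# Constructed data: steady traffic, then a stall with a growing queue.
HEALTHY = [Sample(i * 1000, i * 1000, 0, 0) for i in range(5)]
STALLED = HEALTHY + [Sample(4000 + i * 1000, 4000, i * 1000, 0)
                     for i in range(1, 5)]
IDLE = [Sample(10 * i, 10 * i, 0, 0) for i in range(5)]  # below minimum rate

if __name__ == "__main__":
    for name, data in (("healthy", HEALTHY), ("stalled", STALLED), ("idle", IDLE)):
        print(name, evaluate(data), evaluate(data, "block"))
```

The idle series never yields a verdict, which is why the model, like the page, depends on a minimum traffic rate for reliable detection.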
