Summary
Forcing the IPS into L2FB.
Intrinsic Network High Availability (INHA) also known as "Layer 2 Fallback" (L2FB) determines how the IPS device manages traffic on each segment in the event of a system failure. When the system fails, the device goes into Layer-2 Fallback mode and either permits or blocks all traffic on each segment, depending on the L2FB action setting for the segment. When the device is in L2FB mode, any traffic allowed through the device will not be inspected; it simply passes through the device.
Intrinsic Network High Availability (INHA) also known as "Layer 2 Fallback" (L2FB) determines how the IPS device manages traffic on each segment in the event of a system failure. When the system fails, the device goes into Layer-2 Fallback mode and either permits or blocks all traffic on each segment, depending on the L2FB action setting for the segment. When the device is in L2FB mode, any traffic allowed through the device will not be inspected; it simply passes through the device.
Details
Why would you want to place device in L2FB?
- You need to apply a critical DV update or policy distribution as fast as possible and want to eliminate any latency caused by the IPS.
- You are experiencing a network problem and want to eliminate the IPS as the source.
Q: What does L2FB do?
A: L2FB bridges the two ports for a given segment so that traffic coming into the IPS immediately goes back out without going through hardware or software inspection.
To place your IPS device into Layer 2 Fallback from Command Line interface (CLI) issue the following command:
# high-availability force fallback
To place the IPS back into a normal mode issue the following command:
# high-availability force normal
