User guide

Chapter 1: Introducing the Proventia Network Intrusion Prevention System
High Availability Modes
Introduction
The Proventia Network IPS High Availability (HA) feature enables appliances to work in
an existing high availability network environment. The appliances pass all traffic between
them over mirroring links, ensuring that both appliances see all of the traffic over the
network and thus maintain state. This approach also allows the appliances to see
asymmetrically routed traffic in order to fully protect the network.
High Availability support is limited to two cooperating appliances. Both appliances
process packets inline, block attack traffic that arrives on their inline protection ports, and
report events received on their inline ports to the management console.
HA models
You can use the following appliance models in an existing HA environment:
G400 series appliances
G2000 series appliances
GX5000 series appliances
GX6000 series appliances
Important: You cannot mix models in a single HA environment. For example, you cannot
use a G2000 appliance and a GX5008 appliance as an HA pair.
About HA modes
You can select one of the following modes for an HA-capable appliance:
normal mode
HA protection mode
HA simulation mode
Normal mode
In Normal operation mode, the appliance cannot operate with another appliance in HA
mode. Appliances can be configured to run in inline protection, inline simulation, and
passive monitoring modes at the adapter level only.
HA protection mode
In protection mode, both HA partner appliances monitor traffic inline. Each appliance
reports and blocks the attacks received on its inline ports. The appliances also monitor the
traffic on each other's segments using mirror links, ready to take over reporting and
protection in case of network failover.
HA simulation mode
In HA simulation mode, both HA partner appliances monitor traffic inline, but do not
block any traffic. Instead, they provide passive notification responses. The appliances also
monitor the traffic on each other's segments using mirror links, ready to take over
notification in case of network failover.