How to configure Skyhigh Web Gateway with the Fail-Open 2000 Kit
Last Modified: 2023-12-12 11:34:43 Etc/GMT
Technical Articles ID:
KB73798
Environment
Skyhigh Web Gateway (SWG)
The article applies only to a single SWG appliance deployed in transparent bridge mode.

Summary
This article provides guidance on configuring SWG in transparent bridge mode with the Copper Fail-Open 2000 Kit. Fail-Open 2000 is a separate hardware device that must be ordered separately from the SWG appliance. It's not included by default.

Problem
When SWG is configured in transparent bridge mode, it represents a single point of failure. If the appliance fails for some reason, it can disrupt all internet access.
For customers that prefer an option that allows this connection to fail open and allow users direct access, use the Fail-Open 2000 hardware.
NOTE: This kit went End of Sale in January 2016, and currently, there's no successor product, but it's still supported.

Cause
In transparent bridge mode, SWG acts as a physical pathway for traffic. If this pathway isn't working, it prevents all internet access.

Solution
IMPORTANT: Configuration of the Fail-Open Kit requires that you've already set up the SWG with bridged network interfaces in transparent bridge mode. This prerequisite is needed for the following steps. You can find information about configuration of the transparent bridge in the product guide. See the "Related Information" section for more information.
Configuring the Fail-Open unit:
Interface layout:
Now that the Fail-Open unit is configured, you can connect the network interfaces. We recommend leaving the serial connection running for troubleshooting, although it's not needed for operation. You can disconnect it after you've verified proper function. When SWG is configured as a transparent bridge, you normally bridge the first two interfaces,
Troubleshooting:
Heartbeat packets travel out through Port C, through the SWG, and back on Port D. This route makes it easy to test a failure by unplugging the connection at Port C. You see the status in the serial console. The "D" command output shows that the device enters Bypass Mode. You can then reconnect the device to resume normal operation (in about 30 seconds).
For more troubleshooting and product information, see the Fail-Open Product Guide attached to this article. All references to the web interface refer to the EWS product and do not apply when using the Fail-Open Kit with SWG. With SWG, you must configure the device using a direct serial connection and a terminal services client.