Bypass switch

A bypass switch is a hardware device that provides a fail-safe access port for an in-line monitoring appliance such as an intrusion prevention system (IPS), firewall, WAN optimization device or unified threat management system. In-line monitoring appliances are single points of failure in computer networks because if the appliance loses power, experiences a software failure, or is removed, traffic can no longer flow through the link. The bypass switch removes this point of failure by automatically shunting traffic around the appliance whenever the appliance is incapable of passing traffic.

A bypass switch has four ports. Two network ports create an in-line connection in the network link that is to be monitored. This connection is fully passive; if the bypass switch itself loses power, traffic continues to flow unimpeded through the link. Two monitor ports are used to connect the in-line monitoring appliance. During normal operation, the bypass switch passes all network traffic through the appliance as if it were directly in-line itself. But when the in-line appliance loses power, is disconnected, or otherwise fails, the bypass switch passes traffic directly between its network ports, bypassing the appliance, and ensuring that traffic continues to flow on the network link.