22 | Juniper Networks, Inc.
Step 6: Connect the NS-IDP-BYP (Optional)
If you are running NetScreen-IDP 10, 100, 500, or 1000 appliances in bridge or
transparent mode, you can use the NS-IDP-BYP (Bypass Unit) to provide
fail-open protection for your IDP system.
To connect the NS-IDP-BYP to your network:
1. Connect IDP-IN and IDP-OUT to the IDP appliance. On the IDP
appliance, you must use the port pairs eth0 and eth1 or eth2 and eth3.
(If you have a quad card installed, you can also use port pairs eth4 and
eth5, eth6 and eth7, or eth8 and eth9.)
2. Connect NET-IN to the untrusted switch.
3. Connect NET-OUT to the trusted switch.
The Bypass Unit uses a heartbeat mechanism to check the status of the IDP
appliance by sending a heartbeat from IDP-OUT to IDP-IN every second, as
shown below. The heartbeat packet passes through the IDP appliance, which
processes and forwards the packet to IDP-IN.
[Figure: NS-IDP-BYP Bypass Unit between the Untrusted Switch (NET-IN) and the Trusted Switch (NET-OUT), connected to the IDP Appliance through IDP-IN and IDP-OUT. Legend: Normal Traffic Flow, Bypass Traffic Flow, Heartbeat Flow.]