Reduce Enterprise Risk at Machine Speed with Soar Platform Integration

In a high-availability network, the loss of a single device or power source cannot be allowed due to the risk of network connectivity disruption. This also means adding a security device to protect the network should not introduce a single point of failure. Implementing multiple firewalls together as high availability pairs is a best practice as this adds an extra fallback into the system. However, the problem still persists with single firewall applications.

Palo Alto Networks and Profitap have partnered to ensure security and optimal availability for IT networks around the globe. Combined, Palo Alto Networks next-generation firewalls and Profitap Bypass TAPs offer complete network visibility and threat prevention without reducing reliability.

Profitap develops and manufactures a range of bypass terminal access points (TAPs), currently supporting speeds of 10G and 40G. Profitap Bypass TAPs have two network ports connected in-line to the upstream and downstream network devices as well as two monitor ports that connect to a Palo Alto Networks firewall.

The Palo Alto Networks Security Operating Platform prevents successful cyberattacks through intelligent automation. Our platform combines network and endpoint security with threat intelligence and accurate analytics to help streamline routine tasks, automate protection, and prevent cyber breaches. Tight integrations throughout the platform and with ecosystem partners deliver consistent security across clouds, networks, and mobile devices, natively providing the right capabilities at the right place across all stages of an attack lifecycle. Because our platform was built from the ground up with breach prevention in mind—with important threat information shared across security functions system-wide—and architected to operate in modern networks with new technology initiatives, such as cloud and mobility, customers benefit from better security than legacy or point security products provide while enjoying lower total cost of ownership.

Palo Alto Networks and Profitap offer a complete offering for optimum availability and security of your networks, taking advantage of next-generation firewalls and bypass TAPs. This combination allows easy maintenance of in-line appliances without affecting network availability.

Under normal network conditions, the bypass switch will pass a heartbeat through the firewall to ensure operation, and all network traffic will be routed through the firewall ports. By sending heartbeat packets, the bypass TAP can accurately track if the connected device is operational. If the in-line device fails due to a hardware malfunction, power loss, or software problem, the bypass TAP’s failsafe protection will keep the critical link up.

On top of the heartbeat functionality, the in-line network port group—NET A and NET B ports—supports link failure propagation. If a network disconnection occurs on one port of the group, the other port will automatically propagate the failure on the monitored line and allow alternative data paths to be used in the network’s routing node.

Challenge: Keep the network fully operational during maintenance and troubleshooting.

Answer: Integrating a Profitap Bypass TAP into the network allows in-line appliances to be accessed at any time, such as to add, remove, and/or upgrade firewalls, without affecting network uptime or security. This is done by activating the manual bypass feature in the BP-Manager software. This way, traffic is no longer forwarded to the in-line appliance, so the device can be freely accessed. The bypass mode can be disabled for maintenance, making the in-line appliance active again. This feature makes troubleshooting or planned maintenance easy and can be done without affecting the operational stability of the network.

Challenge: Actively check the operational status of the in-line appliance.

Answer: To actively track if the in-line appliance connected to the Profitap Bypass TAP is operational, the TAP uses bidirectional, configurable heartbeat packets with the data stream that, in turn, the in-line appliance must forward. If the in-line appliance is compromised in any way, these packets will not return to the bypass TAP. In this event, the TAP will enable bypass mode to ensure the critical network link stays up.

Challenge: Maintain out-of-band monitoring.

Answer: The Profitap Bypass TAP can be set up in out-of-band mode with no need to rewire, allowing network traffic to be forwarded to intrusion detection systems or other out-of-band appliances

  • Last modified: August 13, 2021