Fonic Bypass

Note - This topic is only applicable for the 1595R Wired model.

The 1595R wired model has a FONIC (Fail Open Network Interface Card) bypass mechanism implemented between the DMZ and LAN4 ports.

The Bypass mechanism is automatically activated when one of these occurs:

  • Power to the appliance is down.

  • There is a critical software failure (using watchdog logic).

These are the two Bypass mechanism modes:

  • Active - The connection between DMZ and LAN4 ports work as a normal system interface and drive data through the appliance, as long as the power is on and the software is valid. If the appliance power is off or the software has a critical problem that prevents it from maintaining a keep-alive mechanism, the Bypass circumvents the DMZ and LAN4 port connection and traffic bypasses the appliance.

  • Force-bypass - "Bypass". The connection between the DMZ and LAN4 port is forcibly bypassed and the traffic bypasses the appliance regardless of the software status.

To switch between Bypass-mechanism modes:

  • Use ClishClosed The default shell of the Gaia CLI or WebUI (see below for details).

    Or

  • Use the Bypass push button on the side of the 1595R appliance.

    In Active mode, pressing the button for more than 5 seconds switches the mode to Force-Bypass.

    In Force-Bypass mode pressing the button for more than 5 seconds, switches the mode to Active.

The Bypass LED indicates the current bypass status when power is on. When the LED is on, Bypass is activated. If the LED is off, Bypass is off.

Note - When using the button to switch modes, the status will not be saved in the configuration and the mode will switch back to the UI configured mode after a reset or power down.

When the mode is set to Active: After power is restored or after a reset, the appliance reboots and the system maintains the bypass between the DMZ/LAN4 ports until the Security PolicyClosed A collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. is activated. Once the Security Policy is activated, the system will set the Bypass to the mode configured by UI.

When the mode is set to Bypass: After power is restored or a hardware/software reset, the DMZ-LAN4 port connection is still bypassed until you reconfigure the mode and the software system is valid.

Configuring Bypass mode in the WebUI

  1. Go to DeviceAdvanced Settings.

  2. In the search field, enter "fonic."

  3. The Fonic settings - Mode attribute appears. Double-click the attribute name.

  4. In the attribute window that opens, select or clear the checkbox to change the mode from Active to Bypass mode.

  5. Click Apply.

Configuring Bypass mode in Gaia Clish

To display the current (Fonic) Bypass configured mode:

show fonic-settings advanced-settings

To switch between Active and Bypass mode:

set fonic-settings advanced-settings mode