I found that I had enabled bypass feature in appliance. Bypass status appear bypass on. However, I can see it hit some implied rules in smartview tracker. Why? Is it normal? Who can give me correct answer?
Considering it's supposed to be a hardware bypass, I'm guessing the "bypass status" is erroneous in this case.
According to the Bypass Card FAQ: Bypass (Fail-Open) network interface card FAQ
If bypass is initiated, the flipping is immediate as this is hardware bypass. Yet, the thresholds for each of the following states should be considered:There is a power loss - ImmediateThe appliance is rebooting - ImmediateUnable to allocate memory in kernel - ImmediateHigh CPU and packet drops - Threshold is set to 5,000 drops and 85% CPU usage within 20 seconds.DLP process is crash - 20 crashes within 300 secondsFWD process is not responding - Threshold is set to 75 seconds
If bypass is initiated, the flipping is immediate as this is hardware bypass. Yet, the thresholds for each of the following states should be considered:
And further, the unit will not stay in bypass mode unless one of the above conditions is satisfied.
I can see the bypass light turn green and appear bypass status is on in cli. So, it seem bypass card work normally.
Retrieving data ...