Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    1G Copper Bypass Card

    Off-Topic & Non-Support Discussion
    3
    8
    401
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      hkjarral last edited by

      Hello,

      I have searched through forum and haven't had any luck. Has anyone successfully used and 1G copper bypass with pfsense on PC. I see silicom provides such cards and haven't found any post which confirms if its works with pfsense or not although silicom states its supported on FreeBSD. I am open to trying any other copper bypass cards as well.

      1 Reply Last reply Reply Quote 0
      • JeGr
        JeGr LAYER 8 Moderator last edited by

        @hkjarral said in 1G Copper Bypass Card:

        Has anyone successfully used and 1G copper bypass with pfsense on PC.

        What for? What are you trying to achieve with it?

        1 Reply Last reply Reply Quote 0
        • H
          hkjarral last edited by

          I am trying to set edge inline firewall with snort in bridge mode and bypass will be useful in case there is a power failure.

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            Bypass always seems like a good idea until you realize if someone knocks out the IDS on purpose, it's worthless.

            Sometimes it may be less convenient to fail closed, but it's more secure. Bypass is the wrong answer to that problem.

            1 Reply Last reply Reply Quote 0
            • H
              hkjarral last edited by

              I want to give it a shot and see how it works out. For now I need any information on quad port nic cards which support bypass. Here are my two options, I want to know if either of these would work.

              https://www.intel.com/content/www/us/en/ethernet-products/gigabit-server-adapters/pro-1000-pt-quad-port-bypass-server-adapter-brief.html

              or

              https://www.silicom-usa.com/pr/server-adapters/networking-bypass-adapters/gigabit-ethernet-bypass-networking-server-adapters/pe2g4bpi80l-bypass-card/

              Appreciate and help on these cards.

              1 Reply Last reply Reply Quote 0
              • JeGr
                JeGr LAYER 8 Moderator last edited by

                Sorry, any hardware I have/had that actually has bypass options I check it's disabled. What use for a firewall/border gateway/filtering device, if you could just launch a DoS against its filter to bring it down to bypassing? Never could make a usecase stick for bypass, so I'm no help I'm afraid. Just can add from real world scenarios that in 99% of all use cases I've seen, you don't want that. But maybe you found a useful scenario, then I'm happy to hear :) Power failures are no useful cases, as your firewall should be on an USV anyway (and be setup to restart after powerloss) and for those 1-2min, all customers are more happy to be safe than to have a potential security risk opened. :)

                1 Reply Last reply Reply Quote 0
                • H
                  hkjarral last edited by

                  Appreciate the feedback, I perfectly understand the least use case for bypass but in our case since our applications are mission critical and access externally, we cant even afford 1-2min downtime.

                  Anyhow I will work on something and see if I can workout something with code to deploy a fully working inline firewall with bypass capability on power failure. Since FreeBSD supports it, there might be some way around it.

                  Thanks for all the assistance.

                  1 Reply Last reply Reply Quote 1
                  • JeGr
                    JeGr LAYER 8 Moderator last edited by

                    Thanks! I wouldn't mind your feedback on findings of the watchdog/bypass configuration. One simply doesn't know, when he meets the 1% he needs it for :)

                    1 Reply Last reply Reply Quote 0

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2020 Rubicon Communications, LLC | Privacy Policy