
RED: Fail open if device fails

Currently all in-line RED deployment options (Standard/Unified, Standard/Split, Transparent/Split) will fail "closed" when the UTM is unreachable. An option to permit the RED to fail "open" when the UTM is unreachable and allow traffic to the internet (as it does during normal operation with split-tunnel traffic) would greatly reduce dependence upon the central location for businesses that heavily use internet hosted applications. We can live without the AV & URL filtering for short periods of time.

42 votes
    -gf- shared this idea

    3 comments

      • Jean-Francois Anctil commented

        I totally agree with "-gf-" on that suggestion. I'm working on a little project that could be achieved with a RED deployment, but the RED staying in "fail-closed mode" when it's losing connection with the ASG is nonsense to me. I don't understand why nobody raised the flag before. Everybody understands why somebody would force the internet traffic to go through the tunnel, but not having an option to use the Internet when the tunnel is down (Internet connection problems or ASG updates) is a big mistake....

        I think RED has potential. Keep your good work on that.

      • -gf- commented

        Unfortunately the 'split' deployments require a second gateway, driving up costs for deployment at scale. It seems that the simplicity of the RED makes it ideal for large scale, simple, cookie cutter deployments. The scale of such deployments makes loss of internet access to the central UTM very expensive. There's a contradiction between stated purpose and implementation of the REDs.
