Active Protection Suite™

Network Bypass & Active Inline Aggregation

VSS vProtector™ and PowerSafe™ modules on vBrokers can support active inline monitoring by both dual-port and single-port tools with either copper or fiber media type. Traditional active inline failsafe solutions typically only provide one-to-one network-to-tool mapping, or a simple one-to-one redundancy. VSS provides full flexibility in defining network-to-tool relationships and supports any-to-any traffic mapping between network segments and inline tools. Inline network segment to inline tool relationship may be one-to-one, one-to-many, many-to-one, or many-to-many. Multiple network segments can be aggregated to one or more inline tools. Flow-aware load balancing and speed conversion can be applied to ensure smooth and clean traffic distribution.


VSS allows you to set the type of protection your network infrastructure needs during power loss or during operation. With the PowerSafe feature, you can specify what happens to the inline network traffic when power is lost to the network infrastructure. Additionally, PowerSafe™ can be controlled on demand through manual configuration during operation of the system, such as when investigating active inline tool issues that might be affecting network traffic availability or performing tool maintenance updates.

PowerSafe enables you to enforce your organization's specific security policies in the event of power loss, or else manually, on demand. Behavior can be either Fail-Open, which allows the network traffic back to the network unmonitored, or Fail-Closed, which blocks the network traffic from continuing to flow unmonitored.

Custom Tool Health Checks

VSS supports comprehensive health checking for active inline tools. It is critical to know not only that the tool is available to receive and pass traffic, but that it is also actively inspecting and blocking traffic. VSS offers the unique ability to verify this with customizable positive and negative health check packets.

Positive health check packets test out the health and state of the hardware of the active monitoring tool, ensuring that it is powered and linked. Negative health check packets verify the software state of the active tool, ensuring that it is processing the live traffic, blocking applicable packets, and protecting the network. VSS extends health check capabilities even further by allowing users to customize health checks for their active tools.

Health check event triggers can be defined for:

  • The period of time between sending health check packets
  • The maximum time, after sending a health check packet, that it is expected to be returned
  • Whether the health check packet is expected to be returned or not
  • The initial state of the Health Check trigger prior to sending or conducting the health check of the active tool
  • The number of attempts to receive expected return health check packet before the trigger is activated
  • Which inline monitor ports are selected to have the health check packet sent out
  • The actual health check packet to be sent, which includes destination MAC address, Ethernet packet type, and the packet's payload
  • Which inline monitor ports are selected to check for a returned health check packet
  • Return health check packet filter to ensure the correct packet is identified

Availability*: vBroker Series(VB220, VB420)

*Features may be optional add-ons or not available in all products within a series.