Various network appliances, such as intrusion prevention systems (IPS), network monitor probes, anti-virus and e-mail filters, exist to fulfill specialized requirements within a local area network (LAN). Typically, these appliances are attached to existing networking infrastructure equipment, such as LAN switches, to bridge certain segments of a network and thereby fulfill those specialized requirements. The network appliances may be either internal or external devices and typically function as inline devices.
For example, an IPS device may be used to bridge two LAN segments together and exercise access control to protect computers within a segment of the LAN. Malicious and legitimate traffic both attempt to gain access to the internal virtual LAN (VLAN) segment of a network and, to do so, the traffic enters a LAN switch that forms part of an external VLAN. The IPS device, which is an external inline device, bridges the external and internal VLANs together and thereby forms the only path between the external VLAN and the internal corporate VLAN. Before passing any traffic on to the internal VLAN, the IPS device weeds out undesirable traffic (e.g., malicious traffic), but allows legitimate traffic through.
In the event that connectivity to the IPS device fails, for example, when one of the interfaces that link to the IPS device to form the bridge fails, or when the IPS device itself fails, the traffic flow to the internal corporate VLAN, whether legitimate or malicious, is disrupted. Without a sustained flow of traffic, the corporate network environment may be critically impacted.