This feature is supported for R7x and R80.x versions running on Gaia OS only, in Single Gateway configuration.
For VSX R77 and above, the Bypass Card Hotfix is required. Contact Check Point Solution Center via local Check Point office to get a Bypass Card Hotfix.
The Bypass feature is supported by the 4000, 5000, 12000, 13000, 15000, 23000, 6000, 7000, 16000, 26000 and 28000 appliance series. It is also supported on SandBlast Appliances TE100x, TE250X, TE1000X, TE2000X and TE2000X HPP.
This is currently not supported. If Bypass Card is required on other appliances, please open a Request for Enhancement (RFE) with Check Point (contact the local Check Point office to submit such RFE).
The Bypass Card is not supported in Cluster environments (High Availability mode or Load Sharing modes). This is an undesirable scenario and if required, it should be well investigated.
When Bypass kicks in, communication between the cluster members is not guaranteed. The traffic might pass through the first device in fail-open mode with no inspection and will be transparent to the switches on both sides. Again, this is an undesirable scenario in cluster environments.
Starting from R77, Bypass Card is also supported in VSX mode. Contact Check Point Solution Center via local Check Point office to get a Bypass Card Hotfix.
If bypass is initiated, the flipping is immediate as this is hardware bypass. Yet, the thresholds for each of the following states should be considered:
There is a power loss - Immediate
The appliance is rebooting - Immediate
Unable to allocate memory in kernel - Immediate
High CPU and packet drops - Threshold is set to 5,000 drops and 85% CPU usage within 20 seconds.
DLP process is crash - 20 crashes within 300 seconds
FWD process is not responding - Threshold is set to 75 seconds
