Configure Fail Open

Configure the fail open ports on your firewall to provide a pass-through connection in the event of a power or operating system failure.
Fail open is disabled by default; you can enable it using either the Firewall Web Interface or the CLI. Only certain firewalls support fail open, as shown in this table.

Firewall Web Interface

  1. Select Network > Interfaces > Fail Open.
  2. Select Edit.
  3. Select Enable Fail Open and then OK.
  4. Commit your changes.
  5. You can view the fail open status in the following two locations:
    • Network > Interfaces > Ethernet
      Hover over the Interface that corresponds to the firewall's bypass pair (e.g., ethernet1/3) and verify that you see Fail Open: Enabled. The port icon under Link State is also different from the other icons, indicating fail open support.
    • Dashboard > Interfaces
      Hover over the port icon that corresponds to the firewall's bypass pair (e.g., ethernet1/3) and verify that you see Fail Open: Enabled. This port icon is also different from the other icons, indicating fail open support.

CLI

  1. Issue the following command:
     set network interface fail-open yes
  2. Commit your change using the commit command.
  3. You can view the fail open status by entering the following command:
     show interface <port> | match "Fail Open"
     Replace <port> with the name of the fail open port (e.g., ethernet1/3).
     Verify that the result says Fail Open : Enabled.
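
The following is an added example, not part of the vendor documentation: a Python check that reads saved output of the show interface command from step 3 and reports ports whose fail open state differs from the state you expect. The device names, the sample captures and the "Disabled" value text are constructed assumptions; only the "Fail Open : Enabled" line comes from this page.

```python
import re

# Status line named on this page: "Fail Open : Enabled".
# Whitespace around the colon is tolerated; the value is captured as-is.
_STATUS = re.compile(r"Fail Open\s*:\s*(\S+)", re.IGNORECASE)


def fail_open_state(cli_output):
    """Classify one port's captured output as enabled, not-enabled or unknown."""
    values = {m.group(1).lower() for m in _STATUS.finditer(cli_output)}
    if not values:
        # No status line at all: wrong port name, a port without fail open
        # support, or a failed collection. Never report this as a pass.
        return "unknown"
    if values == {"enabled"}:
        return "enabled"
    # Any other value (assumed to read "Disabled") counts as not enabled.
    return "not-enabled"


def audit(captures, expected):
    """Return (device, port, expected, observed) for every mismatch."""
    findings = []
    for key, want in sorted(expected.items()):
        got = fail_open_state(captures.get(key, ""))
        if got != want:
            findings.append((key[0], key[1], want, got))
    return findings


# Constructed sample data: hypothetical device names, saved CLI output.
SAMPLE_CAPTURES = {
    ("fw-edge-01", "ethernet1/3"): "Fail Open : Enabled\n",
    ("fw-edge-02", "ethernet1/3"): "Fail Open : Disabled\n",  # assumed text
    ("fw-dc-01", "ethernet1/3"): "",  # match returned nothing
}
# Expected state per port, as decided by the site's own design.
SAMPLE_EXPECTED = {
    ("fw-edge-01", "ethernet1/3"): "enabled",
    ("fw-edge-02", "ethernet1/3"): "enabled",
    ("fw-dc-01", "ethernet1/3"): "not-enabled",
}

if __name__ == "__main__":
    for device, port, want, got in audit(SAMPLE_CAPTURES, SAMPLE_EXPECTED):
        print(f"{device} {port}: expected {want}, observed {got}")
```

An empty capture is reported as unknown rather than not-enabled, so a failed collection cannot be mistaken for a confirmed setting.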