I would like to boot my WAF gateway (single box) from USB and re-istall a new version image in it. During this process, would the WAF gateway be Fail-Open and allowing web traffic to go through the data plane?
Anyone has such experience to share, thanks a lot.
Bypass mode (fail-open) is intended to work when WAF gateway appliance is shut down. As reinstallation procedure consists of chunks when gateway runs, when it does not run and when it reboots, I am not sure that bypass mode can ensure uninterruptable traffic flowing via gateway interfaces. Therefore we would recommend to perform reinstallation or upgrades during maintenance window with re-routing traffic to another WAF gateway (if exists) or directly to the web applications/servers. BR,Marat MakhlinOn-Prem Tech Lead.