For enterprise networking, there is normally more than one Internet connection for reliability reasons; each connects to a different ISP. These Internet connections work in a load balancing or active-standby manner. With this configuration, asymmetric routing might occur. This raises challenges for a Deep Discovery Web Inspector deployment because Deep Discovery Web Inspector (the appliance) is a connection-oriented security gateway; it must have all data for a connection to perform scan tasks.
To solve the asymmetric routing issue, Deep Discovery Web Inspector can be deployed in Transparent HA mode. If there is no asymmetric routing scenario in your network, you do not need to use this mode.
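One way to check whether asymmetric routing is present is to compare which ISP link carries each direction of a web connection. The following Python sketch is an added example and is not part of the product; the capture-point names, addresses and observation records are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations: (capture point, src ip, src port, dst ip, dst port).
# Capture-point names and addresses are hypothetical (documentation ranges).
OBSERVATIONS = [
    ("isp1-link", "192.0.2.10", 51000, "198.51.100.80", 443),
    ("isp2-link", "198.51.100.80", 443, "192.0.2.10", 51000),  # reply on the other link
    ("isp1-link", "192.0.2.11", 51001, "198.51.100.81", 80),
    ("isp1-link", "198.51.100.81", 80, "192.0.2.11", 51001),   # same link both ways
    ("isp2-link", "192.0.2.12", 51002, "198.51.100.82", 443),  # no reply captured
]

WEB_PORTS = {80, 443}  # the appliance scans HTTP/HTTPS traffic


def flow_key(src, sport, dst, dport):
    """Return a direction-independent flow key and this packet's direction."""
    if dport in WEB_PORTS:
        return (src, sport, dst, dport), "to_server"
    if sport in WEB_PORTS:
        return (dst, dport, src, sport), "to_client"
    return None, None  # not web traffic, ignored


def classify(observations):
    """Label each web flow 'symmetric', 'asymmetric' or 'incomplete'."""
    seen = defaultdict(lambda: defaultdict(set))  # flow -> direction -> links
    for point, src, sport, dst, dport in observations:
        key, direction = flow_key(src, sport, dst, dport)
        if key:
            seen[key][direction].add(point)
    result = {}
    for key, dirs in seen.items():
        out, back = dirs.get("to_server", set()), dirs.get("to_client", set())
        if not out or not back:
            result[key] = "incomplete"   # one direction never captured
        elif out == back and len(out) == 1:
            result[key] = "symmetric"    # one inline device sees the whole connection
        else:
            result[key] = "asymmetric"   # directions split across links
    return result


def has_asymmetric_routing(observations):
    """True if any web flow had its two directions on different links."""
    return "asymmetric" in classify(observations).values()
```

A flow labelled incomplete has only one direction in the captures, so it neither confirms nor rules out asymmetric routing on its own.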
The appliance performs security scans on HTTP/HTTPS traffic that passes through the ingress and egress ports and takes action if there is a traffic match according to configured policies. The appliance can bypass scanning and let the traffic pass straight through the appliance, block the traffic without scanning, or scan the traffic and then either block or monitor the traffic, depending on actions configured in policies.
Difference Between Transparent Bridge and Transparent HA Modes
The difference between Transparent Bridge mode and Transparent HA mode is that under Transparent HA mode, each appliance sets an IP address on the bridge egress interface (br0), and each appliance rewrites the source IP address to access real web servers, which solves the asymmetric routing issue.
Support For Trunks Using LACP Link Aggregation
For environments where higher bandwidth is required for data ingress and data egress, you can implement a Transparent HA deployment with trunks using LACP link aggregation.
Synchronization Between the Two Nodes:
Configuration and policy settings are synchronized between the two Deep Discovery Web Inspector HA nodes. This synchronization is not implemented by the Deep Discovery Web Inspector itself, but by the Deep Discovery Director appliance to which the Deep Discovery Web Inspector nodes are registered. The synchronization is accomplished by configuring the Deep Discovery Director synchronization scheduling task.
Therefore, to implement a Transparent HA mode deployment, you must integrate and register each of the Deep Discovery Web Inspector HA nodes to Deep Discovery Director.
Topology Diagrams and Implementation Requirements