# Gateway Failure Policy

- Canonical URL: https://docs.fairvisor.com/docs/reference/gateway-failure-policy/
- Section: docs
- Last updated: n/a
> Fail-open vs fail-closed behavior when gateway cannot reach edge.


When the gateway cannot call Fairvisor (timeout, DNS, network), choose an explicit policy.

## Decision matrix

| Policy | Security posture | Availability impact | Typical use |
|---|---|---|---|
| Fail-closed | Strong | Higher risk of blocking good traffic | high-risk/regulated endpoints |
| Fail-open | Weaker | Better uptime under control-plane failures | low-risk/public traffic |

## Timeout guidance

- keep gateway->edge timeout low (typically 200-500 ms)
- avoid unbounded auth call retries on hot path
- log and metric every fallback decision

## Recommended default split

- write/update/admin endpoints: fail-closed
- read-only/public endpoints: fail-open (with alerting)

## Operational requirement

Document the chosen policy per route and test both normal and failure paths in staging.