Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Understanding IDP Inline Tap Mode

    The main purpose of inline tap mode is to provide best case deep inspection analysis of traffic while maintaining over all performance and stability of the device. The inline tap feature provides passive, inline detection of application layer threats for traffic matching security policies which have the IDP application service enabled. When a device is in inline tap mode, packets pass through firewall inspection and are also copied to the independent IDP module. This allows the packets to get to the next service module without waiting for IDP processing results. By doing this, when the traffic input is beyond the IDP throughput limit, the device can still sustain processing as long as it does not go beyond the modules limits, such as with the firewall. If the IDP process fails, all other features of the device will continue to function normally. Once the IDP process recovers, it will resume processing packets for inspection. Since inline tap mode puts IDP in a passive mode for monitoring, preventative actions such as session close, drop, and mark diffserv are deferred. The action drop packet is ignored.

    Inline tap mode can only be configured if the forwarding process mode is set to maximize IDP sessions, which ensures stability and resiliency for firewall services. You also do not need a separate tap or span port to use inline tap mode.

    Note: You must restart the device when switching to inline tap mode or back to regular mode.

     

    Related Documentation

     

    Published: 2012-06-29

    Previous Page Next Page