In-line mode In-line mode places a Sensor directly in the network traffic path, inspecting all traffic at wire speed as it passes through the Sensor. In-line mode enables you to run the Sensor in a protection/prevention mode, where packet inspection is performed in real time, and intrusive packets can be dealt with immediately; you can drop malicious packets because the Sensor is physically in the path of all network traffic. This enables the prevention of an attack from reaching its target.
Full-duplex tap mode Tap mode works through installation of an external wire tap (I-4000,I-4010) or built-in internal taps (I-2600,I-2700). A Sensor deployed in tap mode monitors or sniffs the packet information as it traverses the network segment.
Full-duplex taps split a link into separate transmit and receive channels. Sensors provide multiple monitoring interfaces to monitor the two channels, and Sensor ports are wired in pairs to accommodate full-duplex taps. Typically there is a limited number of SPAN ports per switch, and often there is competition for those ports. Tap mode enables you to monitor traffic on a segment of traffic where no SPAN port is available.
The downside of tapped mode is that, unlike in-line mode, you cannot prevent attacks. Tap mode is passive; the Sensor essentially sees malicious traffic as it passes. You cannot inject response packets back through a tap, so discovering an attack in tap mode triggers a response post-attack.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.