2 Replies Latest reply: Jan 30, 2013 11:03 PM by hemang soni RSS

    tap mode vs inline mode




      we are planing to implement the M-3050 appliance in our core network.


      We like the TAP mode, but we are not sure if it is effective as inline mode.


      Can anybody share their thoughts on this?

        • 1. Re: tap mode vs inline mode



          The detection rate is same as inline mode.

          The difference is just the availability of block the attack packet, quarantine the attacker ip.

          • 2. Re: tap mode vs inline mode
            hemang soni
            • In-line mode
              In-line mode places a Sensor directly in the network traffic path, inspecting all traffic at wire speed as it passes through the Sensor. In-line mode enables you to run the Sensor in a protection/prevention mode, where packet inspection is performed in real time, and intrusive packets can be dealt with immediately; you can drop malicious packets because the Sensor is physically in the path of all network traffic. This enables the prevention of an attack from reaching its target.

            • Full-duplex tap mode
              Tap mode works through installation of an external wire tap (I-4000,I-4010) or built-in internal taps (I-2600,I-2700). A Sensor deployed in tap mode monitors or sniffs the packet information as it traverses the network segment.

              Full-duplex taps split a link into separate transmit and receive channels. Sensors provide multiple monitoring interfaces to monitor the two channels, and Sensor ports are wired in pairs to accommodate full-duplex taps. Typically there is a limited number of SPAN ports per switch, and often there is competition for those ports. Tap mode enables you to monitor traffic on a segment of traffic where no SPAN port is available.

              The downside of tapped mode is that, unlike in-line mode, you cannot prevent attacks. Tap mode is passive; the Sensor essentially sees malicious traffic as it passes. You cannot inject response packets back through a tap, so discovering an attack in tap mode triggers a response post-attack.