hi Tim, thanks for the response - but reading the description that sounds like the firewall itself still has to be inline, which i'm trying to avoid here.
I guess what does the rest of the config have to look like for it to function correctly off a span port? ie there wouldn't be any routing or IP interfaces involved. Thanks, Will On Sep 12, 2012, at 11:35 AM, Tim Eberhard wrote: > High end SRX's support tap mode. Branch as far as I know do not. > > http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-45272.html > > Hope this helps, > -Tim Eberhard > > On Wed, Sep 12, 2012 at 10:33 AM, William McLendon <[email protected]> wrote: >> hi everyone, >> >> do SRX firewalls support a "tap mode" installation? Really just looking at >> it for purposes of evaluation of IDP functionality where tap mode would be >> the least intrusive method to see data vs having to put it inline (and then >> deal with the inevitable "you put a device inline and now XYZ doesn't work!") >> >> I seem to recall that they do not, and they have to be installed in L3 mode >> or in Transparent mode, but was hoping I may have missed the feature in a >> release note somewhere. >> >> Thanks, >> >> Will >> _______________________________________________ >> juniper-nsp mailing list [email protected] >> https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
