You can always create your own 'tap mode' by simply configuring Filter Based Forwarding and shunting your selective traffic through your IDP. I did this all the time in my previous life when dealing with security devices that couldn't scale enough to place in-line.
Stefan Fouant
JNCIE-SEC, JNCIE-SP, JNCIE-ENT, JNCI Technical Trainer, Juniper Networks

Follow us on Twitter @JuniperEducate

Sent from my iPad

On Sep 12, 2012, at 11:43 AM, William McLendon <[email protected]> wrote:

> hi Tim,
>
> thanks for the response - but reading the description that sounds like the
> firewall itself still has to be inline, which i'm trying to avoid here.
>
> I guess what does the rest of the config have to look like for it to function
> correctly off a span port? ie there wouldn't be any routing or IP interfaces
> involved.
>
> Thanks,
>
> Will
>
> On Sep 12, 2012, at 11:35 AM, Tim Eberhard wrote:
>
>> High end SRX's support tap mode. Branch as far as I know do not.
>>
>> http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-45272.html
>>
>> Hope this helps,
>> -Tim Eberhard
>>
>> On Wed, Sep 12, 2012 at 10:33 AM, William McLendon <[email protected]>
>> wrote:
>>> hi everyone,
>>>
>>> do SRX firewalls support a "tap mode" installation? Really just looking at
>>> it for purposes of evaluation of IDP functionality where tap mode would be
>>> the least intrusive method to see data vs having to put it inline (and then
>>> deal with the inevitable "you put a device inline and now XYZ doesn't
>>> work!")
>>>
>>> I seem to recall that they do not, and they have to be installed in L3 mode
>>> or in Transparent mode, but was hoping I may have missed the feature in a
>>> release note somewhere.
>>>
>>> Thanks,
>>>
>>> Will
>>> _______________________________________________
>>> juniper-nsp mailing list [email protected]
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
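
A sketch of the Filter Based Forwarding approach mentioned in the top reply, as an added Junos example that is not part of the original thread or anyone's production config. It runs on the upstream router or switch, not on the IDP device. Every name and address in it (interface ge-0/0/0, filter FBF-TO-IDP, instance VIA-IDP, rib-group FBF-RIB, the 198.51.100.0/24 server range, the IDP next hop 192.0.2.2) is an assumption chosen for illustration.

```junos
# Assumed topology: ge-0/0/0.0 is the ingress interface carrying the traffic
# of interest; the IDP device's inside interface is reachable at 192.0.2.2.

# 1. Select only the traffic the IDP should inspect (here: web traffic to an
#    assumed server range) and hand it to a dedicated forwarding instance.
set firewall family inet filter FBF-TO-IDP term selected from protocol tcp
set firewall family inet filter FBF-TO-IDP term selected from destination-address 198.51.100.0/24
set firewall family inet filter FBF-TO-IDP term selected from destination-port [ 80 443 ]
set firewall family inet filter FBF-TO-IDP term selected then count to-idp
set firewall family inet filter FBF-TO-IDP term selected then routing-instance VIA-IDP

# 2. Everything else keeps following the normal routing table.
set firewall family inet filter FBF-TO-IDP term everything-else then accept

# 3. The forwarding instance has a single default route pointing at the IDP.
set routing-instances VIA-IDP instance-type forwarding
set routing-instances VIA-IDP routing-options static route 0.0.0.0/0 next-hop 192.0.2.2

# 4. Copy interface (direct) routes into the instance so the next hop resolves.
set routing-options rib-groups FBF-RIB import-rib [ inet.0 VIA-IDP.inet.0 ]
set routing-options interface-routes rib-group inet FBF-RIB

# 5. Apply the filter on ingress.
set interfaces ge-0/0/0 unit 0 family inet filter input FBF-TO-IDP
```

Unlike a span port, the selected flows do pass through the IDP, so it must forward them back toward their destination, and return traffic needs a matching filter on its own ingress interface if both directions are to be inspected. `show firewall filter FBF-TO-IDP` and `show route table VIA-IDP.inet.0` confirm that the counter increments and the next hop resolves.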

