A network tap is a device that provides a
way to access data flowing across a computer network. Tap mode deployment
allows you to passively monitor traffic flows across a network by
way of a switch SPAN or mirror port.
The SPAN or mirror port
permits the copying of traffic from other ports on the switch. By
dedicating an interface on the firewall as a tap mode interface
and connecting it with a switch SPAN port, the switch SPAN port
provides the firewall with the mirrored traffic. This gives the firewall
application visibility within the network without placing it in the flow
of network traffic.
By deploying the firewall in tap mode, you can get
visibility into what applications are running on your network without
having to make any changes to your network design. In tap mode,
the firewall can also identify threats on your network. Keep in mind,
however, that because the traffic does not run through the firewall
in tap mode, the firewall cannot take any action on that traffic,
such as blocking traffic with threats or applying
QoS traffic control.
To configure a tap interface and begin
monitoring the applications and threats on your network: