TAP Mode

Description

A network segment in TAP mode will send all traffic between the network ports, and mirror the traffic from the network ports to the monitoring ports. The system provides configuration options that determine the exact mirroring configuration.

A network device connected between the monitoring ports can inspect the traffic without impacting the network.

Generally,any changes to the packets will NOT be reflected in the main traffic path (between the network ports).

The following diagram shows the packet flow for TAP mode. Traffic flows in both directions between Net0 and Net1. In addition, traffic from Net0 is mirrored to Mon0 and traffic from Net1 is mirrored to Mon1:

The FortiBridge mirrors the incoming traffic from NET0 to MON0 and the incoming traffic from NET1 to MON1

State Transitions

The following diagram illustrates the state transitions that relate to TAP mode.

Failure Detection and Recovery

There is no heartbeat probe in TAP mode, because a failure in the monitoring path does not impact the main traffic flow (between the network ports).

In TAP mode, the system provides the following failure detection mechanisms: l System Power Failure

The following sections provide details about these failure actions and the associated recovery actions for each mechanism.

System Power Failure

If the FortiBridge experiences a power loss, each network segment transitions to passive bypass mode.

Recovery

After the failure has been resolved, you must manually transition the segment to TAP mode.