Is it possible that a firewall configured in tap mode block traffic?

L3 Networker

Is it possible that a firewall configured in tap mode block traffic?

Hi,

I have recently installed a PAN device in TAP mode, with port mirroring on a Cisco switch that copies traffic to the tap interface. On the policy configured to allow all between TAP zone and TAP zone, I have configured default security profiles, especially a URL filtering profile that blocks some categories by default, so the question is, while being in tap mode, is it possible that the firewall actively participates in the traffic, by blocking some URLs for example? I also want to know if the block action in URL filtering profiles is achieved by a quiet drop of packets or by sending a TCP RST packet?

Regards.

Not applicable

Re: Is it possible that a firewall configured in tap mode block traffic?

My understanding is that TAP mode is merely watching traffic without the ability to interfere with it (i.e. using rules to block/allow etc.). The PAN gurus can answer definitively, though.

L3 Networker

Re: Is it possible that a firewall configured in tap mode block traffic?

Not supported. You will have to be inline.

L3 Networker

Re: Is it possible that a firewall configured in tap mode block traffic?

And what about the block action in the URL filtering profile, is it a quiet drop or a RST?

Not applicable

Re: Is it possible that a firewall configured in tap mode block traffic?

You block the page with a standard or custom message page that essentially says "disallowed." Or you can use a "continue" mechanism that indicates that the user understands they are supposed to go to the URL but can if they really want to, but that the action is logged. Or you can override the request by having the user input an administrative password, though this last item probably isn't really practical for production networks.
