Passive Mode

In passive mode (that is, stream blocking is off), the NBA is supplied with a copy of the data being sent over the Internet boundary. This is normally achieved by using a data inspection port on an Ethernet switch (also called a mirror port or SPAN port). Alternatively, you can wire the NBA inline with the Internet connection and turn the Stream Blocking setting off.

In passive mode, the NBA cannot actively block data, because by the time it sees a copy of the data, the data has already been sent to the applications on either side of the Internet boundary. In passive mode, the NBA cannot decode SSL sessions. Policy is applied retrospectively to analyzed files and emails.

This configuration helps ensure that the NBA has no impact on network performance, but it also means that if the data rate is higher than the NBA can accept, it will not be able to analyze all traffic. In passive mode, the NBA operates on a ‘best-effort’ basis.