Layer 2 Engine deployment in Passive Engine mode
In Passive Engine mode, a Layer 2 Engine inspects but does not actively filter traffic.
Layer 2 Engines can be deployed in Passive Engine mode in two ways:
- In capture mode to inspect packets that have been duplicated for inspection through SPAN or mirror ports.
- In passive inline mode by setting the engine to only log connections by default.
In a capture mode installation, packets are duplicated for inspection through a SPAN or mirror port on a switch/router. In a Layer 2 Engine Cluster, each node must be connected to a SPAN or mirror port of its own.
When you select Only Log Connection mode for the global Default Connection Termination, you can deploy Layer 2 Engines in Passive Engine mode in an inline configuration.