Inline Tap (only supported on High End Series SRX)
This mode has the same separation of firewall and IDP process. However, the firewall process does not pass the traffic to the IDP process; instead it sends a copy. This allows the firewall process to complete its processing regardless of IDP processing results. This option ensures that IDP process failure or resource issue will not compromise the firewall forwarding. This will not stop single packet attacks but can stop an attack that spans multiple packets and is faster than Dedicated Mode. The downside is that traffic may be forwarded prior to an IDP event being detected.
REF: https://kb.juniper.net/InfoCenter/index?page=content&id=KB27717&actp=search
This mode has the same separation of firewall and IDP process. However, the firewall process does not pass the traffic to the IDP process; instead it sends a copy. This allows the firewall process to complete its processing regardless of IDP processing results. This option ensures that IDP process failure or resource issue will not compromise the firewall forwarding. This will not stop single packet attacks but can stop an attack that spans multiple packets and is faster than Dedicated Mode. The downside is that traffic may be forwarded prior to an IDP event being detected.
REF: https://kb.juniper.net/InfoCenter/index?page=content&id=KB27717&actp=search