A network tap is a device that provides a way to access
data flowing across a computer network. Tap mode deployment allows
you to passively monitor traffic flows across a network by way of
a switch SPAN or mirror port.
The SPAN or mirror port permits the copying of traffic from other
ports on the switch. By dedicating an interface on the firewall
as a tap mode interface and connecting it with a switch SPAN port,
the switch SPAN port provides the firewall with the mirrored traffic.
This provides application visibility within the network without
being in the flow of network traffic.
When deployed in tap mode, the firewall is not able to
take action, such as block traffic or apply QoS traffic control.