The AIP SSM can operate in one of two modes, such as:
Inline modeThis mode places the AIP SSM directly in the traffic flow. You must first pass through and be inspected by the AIP SSM before you can continue through the adaptive security appliance.
This mode is the most secure because every packet is analyzed before it is allowed through. Also, the AIP SSM can implement a blocking policy on a packet-by-packet basis. But, this mode can affect throughput. Use the Inline keyword of the ips command in order to specify this mode.
Promiscuous modeIn this mode, a duplicate stream of traffic is sent to the AIP SSM. This mode is less secure. The SSM that operates in promiscuous mode instructs the adaptive security appliance to shun the traffic or resets a connection on the adaptive security appliance in order to block traffic.
Also, while the AIP SSM analyzes the traffic, a small amount of traffic possibly passes through the adaptive security appliance before the AIP SSM can block it. Use the Promiscuous keyword of the ips command in order to specify this mode.