We have an IDSM-2 with about 20 inline VLAN pairs in a test environment. What happens to inline traffic when we exceed the declared throughput of 500 Mbps? Is traffic dropped or is it forwarded without IPS inspection?
If you exceed the monitoring capability of the sensor, then packets that can not be monitored will be dropped by the sensor.
NOTE: 500 Mbps is not an absolute performance number for the sensor. It is a performance level that the sensor has been tested to be able to handle for specific types of traffic used in the performance test. It is unknown exactly how much traffic the sensor will be able to handle for your network. The IDSM-2 will likely handle AROUND 500 Mbps in many and even most customer networks. However, networks do vary and in some networks it may handle quite a bit less traffic, and in other networks might handle even more.
So the question isn't what will happen if you send more than 500 Mbps, but rather what will happen if you send more of your traffic than what the sensor is able to monitor. And the answer is that any traffic that can not be monitored because of performance limitations will be dropped by the sensor.
The only time packets are forwarded without inspection is if sensorApp has stopped monitoring ALL packets (either a reconfiguration or upgrade is taking place, or the sensorApp process has crashed) AND the auto software bypass functionality has kicked in, in which case ALL packets would be forwarded without analysis.