The IPS policy works in one of two modes:
■ Inline mode—The Security Appliance will redirect live traffic flow assigned to the IPS
policy to the AIP-SSM for inspection. The module inspects the live packets envelope, as
well as Layers 3 to 7, for malicious or dangerous content and drops the packet if needed.
An inline AIP-SSM module sits in the forwarding path, allowing the IPS process to stop
attacks by dropping malicious traffic before it reaches its final destination. Any traffic
found to be clean is released and transmitted to its final destination. This can affect the
flow of traffic and reduces the maximum throughput of the Security Appliance.