Any big pros/cons compared to each other?
My understanding if TAP mode only TCP reset action available...
To others who have tested other sandbox compared to Symantec ATP, do you have any paritcular comment?
May PM me if required, thanks
Tap mode simply passively monitors the traffic without taking action if something malicious is found.
Inline mode will actively block malicious traffic.
Thanks for the clarifying the difference between the modes, Brian.