In some cases, the network engine blocks packets before the Firewall rules (or intrusion prevention rules) can be applied. Once you are satisfied with your Firewall rules, change the action from Log Only to your desired action and click OK.
This way, the real world process of analyzing the traffic takes place without having to perform any action, such as blocking or denying packets. However, you can also test your rules in Inline mode, if the action of the rule is set to Log Only. In most situations, Tap mode is a good way to test your Firewall rules without disturbing traffic. To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details)., select Inline from the drop-down list, and click Save. Once you are satisfied with your Firewall rules, go back to the Computer or Policy editor You can change these settings for a policy or for a specific computer. It is not necessary to set the action of the rule to Log Only in Tap mode. To check your rules, go to Events & Reports > Events > Firewall Events.
It’s important to test your Firewall rules in either Tap mode or Inline mode with the action for the rules set to Log Only before deploying them. All rules are applied to the network traffic before they proceed up the protocol stack.