SPAN destination port with ingress keyword
I am having a hard time to fully understand the concept of "ingress traffic forwarding" on span destination ports. After quiet some searching I have found the following:
"Destination port characteristics:
• When it is active, incoming traffic is disabled. The port does not transmit any traffic except that required for the SPAN session. Incoming traffic is never learned or forwarded on a destination port.
• If ingress traffic forwarding is enabled for a network security device, the destination port forwards traffic at Layer 2."
Question: Does that mean that the destination port will act as any other L2 port (trunk or access) while also receiving the mirrored traffic from the SPAN source ?
If this is the case I am wondering, what happens when the SPAN source is vlan X and the span desitnation interface has ingress traffic forwarding enabled and it is acting as an access port on vlan X !
I am also wondering what Cisco means when saying above "ingress traffic forwarding is enabled for a network security device". Are they maybe referring to some common behaviour of such devices where traffic is not sent bidirectionally or something ?
I really appreciate any help here since i am kind of stuck on this topic ...