1. In transparent and composite modes, to improve forwarding performance, the USG5300 session table records the information about the MAC forwarding table. In normal cases, the firewall queries the MAC forwarding table when receiving the first obverse or reverse packet to identify the egress, and then caches the information about the egress in the session table. The firewall checks whether the destination MAC address of the subsequent packet is different from that recorded in the session table, or the VLAN of the ingress is different from that recorded in the session table. If yes, the firewall queries the MAC forwarding table again. If no, the firewall does not query the MAC forwarding table, and forwards the packet according to the egress information cached in the session table. In this way, the firewall supports the same packet passing through the firewall twice, but both are of the Layer-2 forwarding process.
2. In transparent and composite modes, a packet passes through the firewall twice, in the Layer-2 forwarding process first and then in the Layer-3 forwarding process. The USG5300 does not support this special application. This type of applications may include that other hosts or NEs access the Vlanif interface on the firewall. The applications need to be avoided through the networking change.