Publication Date: 2016-06-17 | Author: m00515467 | Document ID: EKB1000124356
When bidirectional NAT is configured (both the source and the destination addresses are translated inside the firewall), in what order does the firewall process the packets? Four processes are involved.
1. Destination NAT.
The NAT process is as follows:
1. The NGFW receives a packet from a user and searches for a server-map entry that was generated by the static mapping function:
a. If a match is found, the NGFW translates the destination address based on the entry and goes to step 3.
b. If no match is found, the NGFW goes to step 2.
2. The NGFW searches for a destination NAT entry.
a. If a match is found, the NGFW forwards the packet based on the entry.
b. If no match is found, the NGFW goes to step 3.
3. The NGFW searches the routing information, including policy-based routing data, to obtain a route for the packet.
a. If a matching route is found, the NGFW goes to step 4.
b. If no matching route is found, the NGFW discards the packet.
4. The NGFW checks the packet against security policies.
a. If the packet matches a security policy and the policy allows the packet to pass through, the NGFW goes to step 5.
b. If the packet matches a security policy but the policy does not allow the packet to pass through, or the packet does not match any security policy, the NGFW discards the packet.
5. The NGFW searches for a source NAT entry.
a. If the packet matches the source NAT entry, the NGFW translates the source address from a private address into a public address and creates a session for the user.
b. If the packet does not match the source NAT entry, the NGFW directly creates a session for the user.
6. The NGFW sends the packet based on the session information.
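The following added example is a simplified Python model of this order, not Huawei code or an NGFW configuration. It shows the practical consequence: the security policy in step 4 is evaluated against the translated destination and the original source. It covers the server-map path (step 1) and steps 3 to 6, leaves out step 2, and all addresses, table contents and names are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# Constructed tables (private and documentation ranges), not a real configuration.
SERVER_MAP = {"198.51.100.10": "10.1.1.10"}       # step 1: public dst -> real server
ROUTES = ["10.1.1.0/24"]                          # step 3: prefixes with a route
SOURCE_NAT = {"192.168.1.0/24": "198.51.100.1"}   # step 5: private src -> public src

# Policy on the real server address (matches) vs. on the public address (never matches).
GOOD_POLICY = [{"src": "192.168.1.0/24", "dst": "10.1.1.10/32", "action": "permit"}]
BAD_POLICY = [{"src": "192.168.1.0/24", "dst": "198.51.100.10/32", "action": "permit"}]

def in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def process(pkt, policies):
    """Walk steps 1 and 3-6; return (verdict, packet as sent, stages passed)."""
    trace = []
    if pkt.dst in SERVER_MAP:                     # step 1a: translate destination
        pkt = replace(pkt, dst=SERVER_MAP[pkt.dst])
        trace.append("dnat")
    if not any(in_net(pkt.dst, r) for r in ROUTES):   # step 3b: no route, discard
        return "drop:no-route", pkt, trace
    trace.append("route")
    # Step 4: the policy sees the translated destination and the original source.
    rule = next((p for p in policies
                 if in_net(pkt.src, p["src"]) and in_net(pkt.dst, p["dst"])), None)
    if rule is None or rule["action"] != "permit":    # step 4b: deny or no match
        return "drop:policy", pkt, trace
    trace.append("policy")
    for net, public_src in SOURCE_NAT.items():        # step 5a: translate source last
        if in_net(pkt.src, net):
            pkt = replace(pkt, src=public_src)
            trace.append("snat")
            break
    trace.append("session")                       # steps 5-6: session created, packet sent
    return "forward", pkt, trace

if __name__ == "__main__":
    user_pkt = Packet("192.168.1.5", "198.51.100.10")
    print(process(user_pkt, GOOD_POLICY))
    print(process(user_pkt, BAD_POLICY))
```

A policy written against the public (pre-translation) destination is dropped at step 4 in this model, which is the usual symptom when the processing order is misread.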