Chapter 6 Configuration Basics
6.4 Terminology in the ISG50
This section highlights some terminology or organization for the ISG50.
Table 15 ISG50 Terminology
FEATURE / TERM
IP alias
Gateway policy
Network policy (IPSec SA)
Source NAT (SNAT)
Trigger port, port triggering
Address mapping
Address mapping (VPN)
Interface bandwidth management
(outbound)
General bandwidth management
6.5 Packet Flow
Here is the order in which the ISG50 applies its features and checks.
Traffic in > Defragmentation > Destination NAT > Routing > Stateful Firewall > ADP > SNAT >
Bandwidth Management > Fragmentation > Traffic Out.
Figure 68 Packet Flow
Traffic In
The packet flow is as follows:
94
ISG50 FEATURE / TERM
Virtual interface
VPN gateway
VPN connection
Policy route
Policy route
Policy route
IPSec VPN
Interface
Policy route
Network
I/O Engine
Defragment
ALG
DNAT Routing
Forwarding Engine
SNAT
BWM
Stateful Firewall
ADP (PA/TA)
Application Classifier
Traffic Out
ISG50 User's Guide