Table of Contents
Advertisement
interface.
If the Access Rule lookup or the reverse route lookup determine that the source IP is invalid,
then the packet is dropped and the event is logged.
6.
A route lookup is being made using the appropriate routing table. The destination interface
for the connection has now been determined.
7.
The IP rules are now searched for a rule that matches the packet. The following parameters
are part of the matching process:
•
Source and destination interfaces
•
Source and destination network
•
IP protocol (for example TCP, UDP, ICMP)
•
TCP/UDP ports
•
ICMP types
•
Point in time in reference to a predefined schedule
If a match cannot be found, the packet is dropped.
If a rule is found that matches the new connection, the Action parameter of the rule decides
what NetDefendOS should do with the connection. If the action is Drop, the packet is
dropped and the event is logged according to the log settings for the rule.
If the action is Allow, the packet is allowed through the system. A corresponding state will
be added to the connection table for matching subsequent packets belonging to the same
connection. In addition, the service object which matched the IP protocol and ports might
have contained a reference to an Application Layer Gateway (ALG) object. This information
is recorded in the state so that NetDefendOS will know that application layer processing will
have to be performed on the connection.
Finally, the opening of the new connection will be logged according to the log settings of
the rule.
Note: Additional actions
There are actually a number of additional actions available such as address
translation and server load balancing. The basic concept of dropping and allowing
traffic is still the same.
8.
The Intrusion Detection and Prevention (IDP) Rules are now evaluated in a similar way to the
IP rules. If a match is found, the IDP data is recorded with the state. By doing this,
NetDefendOS will know that IDP scanning is supposed to be conducted on all packets
belonging to this connection.
9.
The Traffic Shaping and the Threshold Limit rule sets are now searched. If a match is found,
the corresponding information is recorded with the state. This will enable proper traffic
management on the connection.
10. From the information in the state, NetDefendOS now knows what to do with the incoming
packet:
•
If ALG information is present or if IDP scanning is to be performed, the payload of the
packet is taken care of by the TCP Pseudo-Reassembly subsystem, which in turn makes
use of the different Application Layer Gateways, layer 7 scanning engines and so on, to
Chapter 1: NetDefendOS Overview
26
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
