Packet Flow Architecture - Allied Telesis AR Series Technical Manual

Feature overview and configuration guide advanced network protection
Selecting a Security Solution

By the nature of its operation, proxy-based scanning provides the best detection, and is equivalent to desktop-computer-based anti-virus systems. However, it is also more memory- and CPU-intensive, and therefore inherently slower than stream-based scanning. A single-user connection to a single website can potentially involve managing multiple simultaneous sessions.

Stream-based processing

In contrast, stream-based scanning processes data simply in the order that the packets arrive. Stream-based engines are designed for maximum throughput with minimum latency, as they do not inherently suffer from the overhead of having to proxy connections, and do not have to wait to receive, store, and scan entire objects contained in data transfers prior to forwarding them across a security boundary.

Data is scanned layer by layer as it arrives. It is deeply scanned against various threat signatures in real time—from comparing source and destination IP addresses against an IP Reputation list (if IP Reputation is configured), through Layer 5 information (such as HTTP/1.1 GET requests embedded in HTTP packets), through to embedded application data within the stream, such as a Torrent or Skype, and so on.

There is inherently slightly less protection using this approach compared to proxy-based protection, as data is allowed to pass through the security boundary up until the point that a threat is detected, at which point it is blocked.

Stream-based security scanning engines consume noticeably less system memory and CPU processing power compared to proxy-based engines. This is because entire files traversing the security device do not need to be individually downloaded. Also, file fragments do not need to be reassembled prior to scanning and subsequent fragmentation and forwarding.
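To make the trade-off concrete, here is an added Python model (not code from this manual or from AlliedWare Plus) of the two approaches: a proxy scanner that buffers the whole object before deciding, and a stream scanner that forwards each packet as it arrives while keeping a sliding window so a signature split across packet boundaries is still caught. The signatures and packet payloads are constructed samples, not real IPS rules.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample signatures (hypothetical byte patterns, not real IPS rules).
SIGNATURES = {
    "eicar-like": b"X5O!P%@AP",
    "torrent-handshake": b"BitTorrent protocol",
}


@dataclass
class Verdict:
    detected: Optional[str]   # signature name, or None when the stream is clean
    forwarded: bytes          # bytes that crossed the security boundary


def proxy_scan(packets: List[bytes]) -> Verdict:
    """Proxy-based: hold the entire object, scan it once, then forward all or nothing.
    Nothing leaks before the decision, at the cost of buffering the whole transfer."""
    obj = b"".join(packets)
    for name, sig in SIGNATURES.items():
        if sig in obj:
            return Verdict(name, b"")
    return Verdict(None, obj)


def stream_scan(packets: List[bytes]) -> Verdict:
    """Stream-based: forward each packet as soon as it is scanned.
    A sliding window keeps the last (longest signature - 1) bytes of earlier
    packets so a pattern straddling a packet boundary is still matched, but
    bytes already forwarded before the match cannot be recalled."""
    tail_len = max(len(s) for s in SIGNATURES.values()) - 1
    window = b""
    forwarded = bytearray()
    for pkt in packets:
        # Window = tail of previous data + current packet.
        window = (window + pkt)[-(len(pkt) + tail_len):]
        for name, sig in SIGNATURES.items():
            if sig in window:
                return Verdict(name, bytes(forwarded))  # block from here on
        forwarded += pkt
    return Verdict(None, bytes(forwarded))


if __name__ == "__main__":
    # Constructed transfer: the signature is split across packets 2 and 3.
    split = [b"hello ", b"X5O!P", b"%@AP rest"]
    print("proxy :", proxy_scan(split))
    print("stream:", stream_scan(split))
```

Running it shows both engines detect the split signature, but the stream engine has already forwarded `b"hello X5O!P"` before blocking, which is exactly the "slightly less protection" the text describes.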
The stream-based features supported by AlliedWare Plus / AR-Series firewalls are:

IPS
Malware Protection
IP Reputation
URL Filtering

Packet Flow Architecture

Stream-based features are capable of performing high-throughput, low-latency threat protection. However, as discussed above, when proxy-based features are also enabled, performance can decrease and latency will increase as the proxy connections are formed, and data is processed and completely re-scanned through each security feature in turn. This can lead to valid concerns around effects on performance, connections per second, latency, and so on as each security feature is used.
C613-22104-00 REV B | Advanced Network Protection | Packet Flow Architecture | Page 25

This manual is also suitable for: AR3050S, AR4050S