Carrier Access Multi-Service Router (MSR) Card MSR/Adit 3K GUI Reference Manual page 194


Security
Firewall Implementation
Outbound Firewall Processing
The following table describes the sequence in which packets departing from the interface are examined.
This firewall processing is applied after the IP stack and before passing the outbound packet down
to the layer 2 driver. If the action for matching packets at a particular step is described as PASS, no
further firewall examination is applied and the packet is passed down to the driver. If the action is
described as DROP, the packet is dropped and not passed down to the driver. Packets that do not
match the criteria at that step continue processing at the next step. Packets that are passed by the
firewall and require NAPT translation are translated before passing the packet down to the driver.
| Step | Test | Action |
|------|------|--------|
| 1 | Insecure IP options: loose source route, strict source route, record route, time stamp, or invalid IP option | DROP |
| 2 | Invalid IP fragments | DROP |
| 3 | Match existing sessions: this matches ongoing sessions and applies NAPT where appropriate. | PASS |
| 4 | Packets generated by the firewall itself; e.g. TCP RST packets. | PASS |
| 5 | User configured Advanced Filtering/Output Rule Sets/Initial Rules | as per filter |
| 6 | User configured Advanced Filtering/Output Rule Sets/Interface Specific Rules | as per filter |
| 10 | SIP and RTP local ports | PASS |
| 11 | User configured Access Control (based on source) | DROP |
| 12 | User configured IP/Hostname Filtering (based on destination) | DROP |
| 13 | TCP Auth requests (TCP source port 113) | PASS |
| 14 | Packet between DMZ interface and WAN interface | PASS |
| 15 | User configured Advanced Filtering/Output Rule Sets/Final Rules | as per filter |
| last | Take default action based on user configured General Security Policy | Maximum Security: DROP; Typical Security: PASS; Minimum Security: PASS |

Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) GUI
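
As an added illustration (not code from the manual or the vendor), the following Python sketch models the first-match order of the table above. The packet keys and the `initial`/`interface`/`final` rule-set callables are assumed names; the constructed case shows that a user Final rule never sees packets that belong to an existing session.

```python
# Added illustration of the step order in the table above; not vendor code.
# Packet keys and the rule-set callables are assumed names for this sketch.
DEFAULT_ACTION = {"Maximum": "DROP", "Typical": "PASS", "Minimum": "PASS"}

def _flag(key, action):
    """Step that applies `action` when the packet dict has a truthy `key`."""
    return lambda pkt, rules: action if pkt.get(key) else None

def _user(name):
    """Step that defers to a user rule set: returns PASS, DROP or None."""
    return lambda pkt, rules: rules.get(name, lambda p: None)(pkt)

def _auth(pkt, rules):
    """Step 13: TCP Auth requests, identified by TCP source port 113."""
    return "PASS" if pkt.get("proto") == "tcp" and pkt.get("sport") == 113 else None

# Step numbers follow the table; the table lists no steps 7 to 9.
STEPS = [
    ("1", _flag("insecure_ip_option", "DROP")),
    ("2", _flag("invalid_fragment", "DROP")),
    ("3", _flag("existing_session", "PASS")),
    ("4", _flag("firewall_generated", "PASS")),
    ("5", _user("initial")),
    ("6", _user("interface")),
    ("10", _flag("sip_rtp_local_port", "PASS")),
    ("11", _flag("access_control_match", "DROP")),
    ("12", _flag("dest_filter_match", "DROP")),
    ("13", _auth),
    ("14", _flag("dmz_wan", "PASS")),
    ("15", _user("final")),
]

def evaluate_outbound(pkt, policy="Typical", rules=None):
    """Return (step, action) for the first step whose test matches the packet."""
    rules = rules or {}
    for step, test in STEPS:
        action = test(pkt, rules)
        if action is not None:
            return step, action
    return "last", DEFAULT_ACTION[policy]

# Constructed case: a user Final rule that drops TCP/25 never sees a packet
# that belongs to an existing session, because step 3 passes it first.
block_smtp = {"final": lambda p: "DROP" if p.get("dport") == 25 else None}
new_flow = {"proto": "tcp", "sport": 40000, "dport": 25}
established = dict(new_flow, existing_session=True)
if __name__ == "__main__":
    print(evaluate_outbound(new_flow, rules=block_smtp))
    print(evaluate_outbound(established, rules=block_smtp))
```

When reviewing a rule set against this order, check which earlier PASS step (3, 4, 10, 13 or 14) a packet could match before assuming a later user rule or the default action applies to it.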
