D-Link NetDefend DFL-210 User Manual page 18

Network security firewall ver. 1.05

1.2.3. Basic Packet Flow
connection.
10. The Traffic Shaping and the Threshold Limit Rule-sets are now searched. If a match is found, the corresponding information is recorded with the state. This will enable proper traffic management on the connection.
11. From the information in the state, NetDefendOS now knows what to do with the incoming packet:
    • If ALG information is present or if IDP scanning is to be performed, the payload of the packet is taken care of by the TCP Pseudo-Reassembly subsystem, which in turn makes use of the different Application Layer Gateways, layer 7 scanning engines and so forth, to further analyze or transform the traffic.
    • If the contents of the packet are encapsulated (that is, IPsec, L2TP/PPTP or some other type of tunneled traffic), the interface lists are checked for a matching interface. If one is found, the packet is decapsulated and the payload (the plaintext) is sent into NetDefendOS again, now with the source interface being the matched tunnel interface. In other words, the process continues at step 3 above.
    • If traffic management information is present, the packet might get queued or otherwise be subjected to actions related to traffic management.
12. Eventually, the packet will be forwarded out on the destination interface according to the state. If the destination interface is a tunnel interface or a physical sub-interface, additional processing such as encryption, encapsulation and so forth might occur.

The following section provides a set of diagrams which illustrate the flow of packets through NetDefendOS.
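Steps 11 and 12 above, modeled as a short Python sketch (an added example, not D-Link code). The tunnel selectors, interface names and the `lookup_state` stand-in for the earlier steps are constructed assumptions; the page does not say what happens when no tunnel interface matches, so the model simply stops there.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src_iface: str                     # interface the packet is seen on
    proto: str                         # "tcp", "udp", "esp", "l2tp", ...
    tunnel_id: Optional[str] = None    # constructed selector for tunneled traffic
    inner: Optional["Packet"] = None   # plaintext payload when encapsulated

@dataclass
class State:
    dest_iface: str
    alg: bool = False      # ALG information present or IDP scanning requested
    shaped: bool = False   # traffic management information recorded in step 10

# Constructed tunnel interface list: selector -> tunnel interface name.
TUNNEL_IFACES = {"ipsec-hq": "ipsec_hq_if", "l2tp-roadw": "l2tp_rw_if"}
ENCAPSULATED = {"esp", "l2tp", "pptp"}

def lookup_state(pkt):
    """Hypothetical stand-in for the earlier steps (state and rule lookup)."""
    return State(dest_iface="lan", alg=(pkt.proto == "tcp"), shaped=True)

def process(pkt, trace=None):
    """Return the (source interface, action) events produced for one packet."""
    trace = [] if trace is None else trace
    state = lookup_state(pkt)
    if state.alg:
        trace.append((pkt.src_iface, "pseudo-reassembly"))
    if pkt.proto in ENCAPSULATED:
        tun = TUNNEL_IFACES.get(pkt.tunnel_id)
        if tun is None or pkt.inner is None:
            trace.append((pkt.src_iface, "no-matching-tunnel-interface"))
            return trace
        trace.append((pkt.src_iface, "decapsulate"))
        # The plaintext re-enters the flow with the tunnel as its source interface.
        inner = Packet(tun, pkt.inner.proto, pkt.inner.tunnel_id, pkt.inner.inner)
        return process(inner, trace)
    if state.shaped:
        trace.append((pkt.src_iface, "traffic-management"))
    trace.append((pkt.src_iface, "forward:" + state.dest_iface))
    return trace

def nested_sample():
    """Constructed packet: TCP inside L2TP inside IPsec, arriving on 'wan'."""
    tcp = Packet("", "tcp")
    l2tp = Packet("", "l2tp", "l2tp-roadw", tcp)
    return Packet("wan", "esp", "ipsec-hq", l2tp)
```

The trace for `nested_sample()` shows why rules for the inner traffic have to be written against the tunnel interface rather than the physical one: by the time the TCP payload is evaluated, its source interface is the innermost matched tunnel.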
5
Chapter 1. Product Overview
