Figure 6.8 Firewall Flow
ITEM  DESCRIPTION
1     Outside.
2     Inside.
3     Input filter on an inside interface.
4     Input filter on an outside interface.
5     Output filter on an inside interface.
6     Output filter on an outside interface.
Table 6.5 Firewall Flow Table Descriptions
Firewall and NAT flow
Traffic flowing through the appliance which is expected to be both translated and filtered will require both NAT and firewall
rules designed to match the traffic patterns appropriately. Translation happens before filtering when traffic is entering the
appliance and filtering happens before translation when traffic is exiting the appliance.
For example, if input traffic passes through an incoming NAT rule, which has translated the destination address, then the
only way for the filter rule to match a destination address is to have the filter rule match the pattern of the translated
destination address and not the original destination address of the traffic. This is because the address was translated before
it could be filtered.
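The ordering described above, modelled as a small rule engine in Python. This is an added example, not code from the appliance or this guide; the class and function names, the default-drop policy and the documentation-range addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class NatRule:          # hypothetical model of a NAT rule
    field: str          # "dst" for incoming NAT, "src" for outgoing NAT
    match: str          # CIDR the field must fall in
    to: str             # address written into the field

@dataclass(frozen=True)
class FilterRule:       # hypothetical model of a firewall rule
    field: str
    match: str
    action: str         # "accept" or "drop"

def _hit(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def translate(pkt, nat_rules):
    for r in nat_rules:  # first matching NAT rule wins
        if _hit(getattr(pkt, r.field), r.match):
            return replace(pkt, **{r.field: r.to})
    return pkt

def verdict(pkt, rules, default="drop"):  # default policy is an assumption
    for r in rules:      # first matching filter rule wins
        if _hit(getattr(pkt, r.field), r.match):
            return r.action
    return default

def ingress(pkt, nat_rules, filter_rules):
    """Entering the appliance: translate first, then filter the result."""
    translated = translate(pkt, nat_rules)
    return verdict(translated, filter_rules), translated

def egress(pkt, filter_rules, nat_rules):
    """Exiting the appliance: filter the untranslated packet, then translate."""
    v = verdict(pkt, filter_rules)
    return v, (translate(pkt, nat_rules) if v == "accept" else pkt)

# Constructed sample: incoming NAT maps 203.0.113.10 to inside host 192.0.2.20.
INCOMING_NAT = [NatRule("dst", "203.0.113.10/32", "192.0.2.20")]
PKT_IN = Packet(src="198.51.100.7", dst="203.0.113.10")
RULE_ON_ORIGINAL = [FilterRule("dst", "203.0.113.10/32", "accept")]   # never matches
RULE_ON_TRANSLATED = [FilterRule("dst", "192.0.2.20/32", "accept")]   # matches
```

With `RULE_ON_ORIGINAL` the ingress packet falls through to the default policy, because the filter only ever sees the translated destination; on egress the reverse holds, so an output filter must be written against the address as it is before outgoing NAT rewrites it.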
Vertiv | Avocent® Universal Management Gateway Appliance Installer/User Guide | 80