Connections (xlate and conn tables): Maintains state information for each connection. The Adaptive Security Algorithm and the cut-through proxy use this information to forward traffic efficiently within established connections.
Inspection Engine: Performs stateful inspection coupled with application-level inspection functions. These inspection rule sets are predefined to validate application compliance with the relevant RFCs and other standards, and they cannot be altered.
Figure 6-5. Adaptive Security Algorithm Operations
Figure 6-5 numbers the operations in the order they occur; they are detailed as follows:
1. An incoming TCP SYN packet arrives on the Security Appliance to establish a new connection.
2. The Security Appliance checks the access list database to determine whether the connection is permitted.
3. The Security Appliance creates a new entry in the connection database (XLATE and CONN tables) using the necessary session information.
4. The Security Appliance checks the predefined rule sets in the inspection engine and, in the case of well-known applications, further performs application-level inspection.
5. At this point, the Security Appliance decides whether to forward or drop the packet according to the findings of the inspection engine.
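The sequence above (ACL check, XLATE/CONN entry creation, inspection, forward-or-drop decision) as an added, deliberately simplified model; this is example code, not Cisco's implementation, and the addresses, the access list, the port allocation and the toy `inspect` rule are all constructed assumptions. It also shows why a packet with no matching CONN entry is dropped unless it is an ACL-permitted SYN from the inside.

```python
from dataclasses import dataclass

# Constructed, simplified model of the flow described above (ACL check, XLATE/CONN
# entry creation, inspection, then forward or drop). Added example, not Cisco code;
# the ACL, addresses and the toy inspection rule are assumptions for illustration.

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # "SYN", "SYN-ACK", "ACK" or "FIN"

# Constructed access list keyed by (ingress interface, destination port).
# Only inside-initiated HTTP/HTTPS is permitted; anything else hits the implicit deny.
ACL = {("inside", 80), ("inside", 443)}

def inspect(pkt: Packet) -> bool:
    """Toy stand-in for the inspection engine: accept only plausible TCP flag sets."""
    return pkt.flags in {"SYN", "SYN-ACK", "ACK", "FIN"}

class SecurityAppliance:
    def __init__(self, global_ip: str):
        self.global_ip = global_ip
        self.xlate = {}     # (real src ip, real port) -> (global ip, global port)
        self.conn = set()   # (global src, global port, dst, dport) of permitted flows
        self._next_port = 1024

    def handle(self, pkt: Packet) -> str:
        if pkt.iface == "inside":
            mapped = self.xlate.get((pkt.src, pkt.sport))           # existing XLATE entry?
            key = (*mapped, pkt.dst, pkt.dport) if mapped else None
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)          # already in global form
        if key in self.conn:                                        # established: no ACL lookup
            if not inspect(pkt):
                return "drop"
            if pkt.flags == "FIN":
                self.conn.discard(key)                              # tear down the CONN entry
            return "forward"
        # No state yet: only an ACL-permitted SYN from inside may build XLATE/CONN entries.
        if pkt.iface != "inside" or pkt.flags != "SYN" or (pkt.iface, pkt.dport) not in ACL:
            return "drop"
        if not inspect(pkt):
            return "drop"
        if mapped is None:                                          # allocate a global port
            mapped = (self.global_ip, self._next_port)
            self._next_port += 1
            self.xlate[(pkt.src, pkt.sport)] = mapped
        self.conn.add((*mapped, pkt.dst, pkt.dport))
        return "forward"
```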