5. The Security Appliance forwards the packet to the desired destination
subject to clearance from the application inspection engine.
6. The destination system responds to the initial request returning the packet.
7. The Security Appliance receives the reply packet, performs the inspection, and looks up the connection in
the connection database to determine whether the session information matches an existing connection.
8. The Security Appliance forwards the packet belonging to an existing established session.
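The forwarding and reply-matching logic in steps 5 through 8 can be modeled as follows. This is an added illustration, not code from the book or from the Security Appliance; the class and function names, the `no_telnet` inspection stand-in, and the choice to record the connection when the initial packet is forwarded are all assumptions of the sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        # The same session as seen from the responding side.
        return (self.proto, self.dst, self.dport, self.src, self.sport)

def no_telnet(pkt):
    """Constructed stand-in for the application inspection engine."""
    return 23 not in (pkt.sport, pkt.dport)

class StatefulFirewall:
    def __init__(self, inspect):
        self.inspect = inspect       # hypothetical inspection hook
        self.connections = set()     # models the connection database

    def initial(self, pkt):
        """Step 5: forward only if the inspection engine clears the packet."""
        if not self.inspect(pkt):
            return "drop: inspection"
        # Assumption: the session is recorded here; the steps that create
        # the entry on the real appliance are not shown on this page.
        self.connections.add(pkt.flow())
        return "forward"

    def reply(self, pkt):
        """Steps 7-8: inspect the reply, then match it to an existing session."""
        if not self.inspect(pkt):
            return "drop: inspection"
        if pkt.reverse_flow() not in self.connections:
            return "drop: no connection"
        return "forward"

if __name__ == "__main__":
    fw = StatefulFirewall(no_telnet)
    # Constructed sample addresses from the documentation ranges.
    print(fw.initial(Packet("10.0.0.5", 51000, "192.0.2.10", 443)))
    print(fw.reply(Packet("192.0.2.10", 443, "10.0.0.5", 51000)))
    print(fw.reply(Packet("198.51.100.7", 443, "10.0.0.5", 51000)))
```

A reply is forwarded only when its reversed 5-tuple matches a recorded session, so an unsolicited packet from a different host is dropped even if it targets the same client port.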
Table 6-2 lists all the application protocols and details for which the Security Appliance provides application
layer inspection capability.
Security Context
Software Version 7.0 introduced the capability to create multiple virtual firewalls, also referred to as
security contexts, within a single appliance. Multiple contexts are similar to having multiple standalone devices.
Each virtualized partition is an independent device and has its own set of security policies (NAT, access list,
routing, and so on), logical interfaces, and administrative domain. Multiple context mode supports almost all
the options that are configurable on a standalone device, such as NAT, firewall features, routing tables, IPS, and
management features.