R3166-R3206-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Figure 17 Network diagram for unidirectional proxy
As shown in Figure 18, all packets between the TCP client and TCP server go through the TCP proxy, so
you can configure either unidirectional proxy or bidirectional proxy as desired.
Figure 18 Network diagram for unidirectional/bidirectional proxy
How TCP proxy works
Unidirectional proxy
Figure 19 shows the data exchange process of unidirectional proxy.
Figure 19 Data exchange process of unidirectional proxy
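The exchange that Figure 19 depicts, and that the next paragraph describes, modeled as a small state machine. This is an added example, not code from the HP guide or the firewall. The class and function names are hypothetical, and two details are assumptions rather than statements from the guide: the wrong number is derived with an HMAC over the address pair, and it travels in the SYN ACK's acknowledgment field so that a standard TCP stack echoes it as the sequence number of its RST.

```python
import hashlib, hmac, os
from collections import namedtuple

# Constructed packet model: only the fields this exchange needs.
Pkt = namedtuple("Pkt", "src dst flags seq ack")

class UnidirectionalProxy:
    def __init__(self, protected):
        self.protected = set(protected)  # protected IP address entries
        self.key = os.urandom(16)        # secret behind the wrong numbers
        self.verified = set()            # (client, server) pairs that sent a valid RST
        self.forwarded = []              # packets passed on to the server

    def wrong_number(self, client, server):
        # Derived from the address pair, so no state is stored per SYN (assumption).
        mac = hmac.new(self.key, f"{client}>{server}".encode(), hashlib.sha256)
        return int.from_bytes(mac.digest()[:4], "big")

    def handle(self, p):
        """Return the proxy's reply, or None when p is forwarded or dropped."""
        if p.dst not in self.protected or (p.src, p.dst) in self.verified:
            self.forwarded.append(p)     # unprotected or verified: forward directly
            return None
        if p.flags == "SYN":             # answer on the server's behalf
            return Pkt(p.dst, p.src, "SYN-ACK", 0, self.wrong_number(p.src, p.dst))
        if p.flags == "RST" and p.seq == self.wrong_number(p.src, p.dst):
            self.verified.add((p.src, p.dst))  # a real stack rejected the SYN ACK
        return None                      # anything else is dropped

def legit_client(proxy, src, dst, isn=1000):
    """Real TCP stack: resets the unacceptable SYN ACK, then sends SYN again."""
    reply = proxy.handle(Pkt(src, dst, "SYN", isn, 0))
    if reply is not None and reply.ack != isn + 1:
        proxy.handle(Pkt(src, dst, "RST", reply.ack, 0))  # RST seq = bad ack value
    proxy.handle(Pkt(src, dst, "SYN", isn, 0))

def spoofed_flood(proxy, dst, count):
    """Constructed flood: forged sources that never answer the SYN ACK."""
    for i in range(count):
        proxy.handle(Pkt(f"198.51.100.{i % 250}", dst, "SYN", i, 0))

if __name__ == "__main__":
    fw = UnidirectionalProxy({"10.0.0.5"})
    spoofed_flood(fw, "10.0.0.5", 500)
    print("forwarded during flood:", len(fw.forwarded))
    legit_client(fw, "192.0.2.10", "10.0.0.5")
    print("forwarded after client check:", [p.flags for p in fw.forwarded])
```

The server-side list stays empty for the whole flood and receives only the verified client's second SYN, which is the load reduction the proxy exists to provide.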
After receiving a SYN message from a client to the protected server (such a message matches a protected
IP address entry), the TCP proxy sends back a SYN ACK message with a wrong sequence number on
behalf of the server, that is, using the IP address and port number of the server. If the client is legitimate,
the TCP proxy will receive an RST message, and will receive a SYN message again from the client. The
TCP proxy then directly forwards the SYN, SYN ACK, and ACK messages to establish a TCP connection