R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Figure 35 Network diagram for unidirectional proxy
Figure 36 Network diagram for unidirectional/bidirectional proxy
How TCP proxy works
Unidirectional proxy
Figure 37 Data exchange process in unidirectional proxy mode
When the TCP proxy receives a SYN message from a client to the protected server (that is, a message
that matches a protected IP address entry), it sends back a SYN ACK message with a wrong sequence
number on behalf of the server, using the IP address and port number of the server. If the client is
legitimate, the TCP proxy receives an RST message from it, followed by a second SYN message. The
TCP proxy then directly forwards the SYN, SYN ACK, and ACK messages to establish a TCP connection
between the client and the server.
After the TCP connection is established, the TCP proxy forwards the subsequent packets of the connection
without additional processing.
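
The unidirectional exchange described above, modeled as a small Python state machine. This is an added illustration, not code from the HP guide or the firewall. Tracking state per (client, server) pair, the "drop" action for other segments, the action strings, and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass, field

PROBE = "reply SYN ACK with wrong sequence number"

@dataclass
class UnidirectionalProxy:
    protected: set                                # protected IP address entries
    pending: set = field(default_factory=set)     # probed, no RST seen yet
    verified: set = field(default_factory=set)    # answered the probe with RST

    def handle(self, src, dst, flags):
        """Return the proxy's action for one client-to-server segment."""
        if dst not in self.protected:
            return "forward"                      # not a protected server
        pair = (src, dst)
        if pair in self.verified:
            return "forward"                      # handshake and data pass through
        if flags == "SYN":
            self.pending.add(pair)
            return PROBE                          # sent on behalf of the server
        if flags == "RST" and pair in self.pending:
            self.pending.remove(pair)
            self.verified.add(pair)
            return "mark client legitimate"
        return "drop"                             # assumption: not stated in the guide

def replay(proxy, segments):
    """Feed (src, dst, flags) tuples through the proxy and collect its actions."""
    return [proxy.handle(*seg) for seg in segments]

SERVER = "192.0.2.10"                             # constructed protected server
# Constructed traffic: one client that completes the probe, one source that never answers.
SAMPLE = [
    ("198.51.100.7", SERVER, "SYN"),              # first SYN is probed
    ("198.51.100.7", SERVER, "RST"),              # client rejects the bad SYN ACK
    ("198.51.100.7", SERVER, "SYN"),              # retransmitted SYN is forwarded
    ("198.51.100.7", SERVER, "ACK"),              # rest of the handshake is forwarded
    ("203.0.113.50", SERVER, "SYN"),              # no RST ever follows from this source
    ("203.0.113.50", SERVER, "SYN"),              # so its SYNs never reach the server
]

if __name__ == "__main__":
    for seg, action in zip(SAMPLE, replay(UnidirectionalProxy({SERVER}), SAMPLE)):
        print(seg, "->", action)
```

In this model the protected server sees a SYN only from a source that first answered the probe with an RST; SYNs from a source that never answers stay at the proxy.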