User's Manual

Chapter 6 Configuration Basics

ISG50 User’s Guide

6.4 Terminology in the ISG50

This section highlights some terminology or organization for the ISG50.

6.5 Packet Flow

Here is the order in which the ISG50 applies its features and checks.

Traffic in > Defragmentation > Destination NAT > Routing > Stateful Firewall > ADP > SNAT >

Bandwidth Management > Fragmentation > Traffic Out.

Figure 68 Packet Flow

The packet flow is as follows:

Table 15 ISG50 Terminology

FEATURE / TERM ISG50 FEATURE / TERM

IP alias Virtual interface

Gateway policy VPN gateway

Network policy (IPSec SA) VPN connection

Source NAT (SNAT) Policy route

Trigger port, port triggering Policy route

Address mapping Policy route

Address mapping (VPN) IPSec VPN

Interface bandwidth management

(outbound)

Interface

General bandwidth management Policy route

Traffic Out

Defragment ALG DNAT Routing

Forwarding Engine

Network

I/O Engine

Stateful Firewall

ADP (PA/TA)

Application Classifier

SNAT BWM

Traffic In