Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
Intrusion Defense Firewall 1.2 User's Guide - Trend Micro? Online ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Packet Processing Sequence<br />
Both incoming and outgoing network traffic gets fed through a pipeline of modules:<br />
Verification: Basic checks for validity of the packet<br />
<strong>Micro</strong> Filter: Basic firewall bypass rules are enforced at this layer<br />
Blacklist: Maintains a list of known bad IPs as used by the Traffic Analysis feature<br />
Fragmentation: Fragments packets that are larger than the MTU<br />
<strong>Firewall</strong> Rules : All packets not processed by the <strong>Micro</strong> Filter are processed by the <strong>Firewall</strong><br />
Stateful Inspection, SSL Decryption, and DPI Rules: Acts as one module where the following<br />
functions are performed:<br />
o Stateful Inspection: Maintains known connections that are valid for a response. This<br />
feature also controls the connection limits and does SYN Flood and ACK Storm protection<br />
o SSL Decryption: If required and configured this feature decrypts the SSL protected<br />
traffic for analysis by the DPI engine<br />
o DPI: Deep Packet Inspection engine that does pattern matching and custom code<br />
operations<br />
Reassembly: Reassembles fragmented packets for later use by the DPI engine<br />
Although incoming and outgoing traffic flow through the pipeline in the same order, the internal sub-order<br />
inside the Stateful Inspection, SSL, and DPI module depends on traffic direction:<br />
© Copyright 2010 <strong>Trend</strong> <strong>Micro</strong> Inc. www.trendmicro.com<br />
All rights reserved. - 142 -