Tag Archives: High-level list of processes that affect packets

High-level list of processes that affect packets

Highlevel list of processes that affect packets

In general packets passing through a FortiGate unit can be affected by the following processes. This is a complete high-level list of all of the processes. Not all packets see all of these processes. The processes a packet encounters depends on the type of packet and on the FortiGate software and hardware configuration.

 

Ingress packet flow

  • Network Interface
  • TCP/IP stack
  • DoS ACL
  • DoS Policy
  • IP integrity header checking
  • IPsec VPN decryption

Admission Control

  • Quarantine
  • FortiHeartBeat
  • User Authentication

Kernel

  • Destination NAT
  • Routing
  • Stateful inspection/Policy
  • Lookup/Session management
  • Session Helpers
  • User Authentication
  • Device Identification
  • SSL VPN
  • Local Management Traffic

 

UTM/NGFW

  • Flow-based inspection
  • NTurbo
  • IPSA
  • Proxy-based inspection

Kernel

  • Forwarding
  • Source NAT (SNAT)

Egress packet flow

  • IPsec VPN Encryption
  • Botnet check
  • Traffic shaping
  • WAN Optimization
  • TCP/IP stack
  • Network Interface