Quote:
Originally Posted by kj1978

Hi Guys, I am a bit confused with the way rule processing works on the firewall. The CCSA Exam Cram 2 book says that rule processing works as below:

1. Anti-spoofing checks
2. "First" implicit rules
3. Explicit rules (except for the final rule)
4. "Before last" implicit rules
5. Last explicit rule (cleanup rule)
6. "Last" implicit rule
7. Network address translation

If I look at the Check Point courseware, it shows rule processing as follows:

1. Network address translation
2. Anti-spoofing checks
3. "First" implicit rules
4. Explicit rules (except for the final rule)
5. "Before last" implicit rules
6. Last explicit rule (cleanup rule)
7. "Last" implicit rule

Can anyone advise what is the correct order of rule base processing and whether NAT is checked after the explicit rules or before the explicit rules?

Thanks
KJ
It's more complicated than that. Remember that the firewall checks traffic on all interfaces, both inbound and outbound, so you have to consider what happens on both network stacks.
Consider:
1. Anti-spoofing makes decisions based upon source IP address.
2. Routing makes decisions based upon destination IP address.
3. The rulebase makes decisions based partially upon both source and destination IP address.
4. NAT can change both source and destination IP address.
Therefore, there can be some complex interactions, and the order of the operations matters.
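A toy model of the four decision points listed in the reply, added here as an illustration and not taken from the thread or from any vendor documentation; the two-interface topology, addresses, route table, NAT entry and rulebase are all constructed. It does not say which order is correct; it shows why the question matters, because the same inbound packet is accepted or dropped depending on whether the rulebase sees the pre-NAT or post-NAT destination, while anti-spoofing drops a forged source before either ordering comes into play.

```python
from ipaddress import ip_address, ip_network

# Constructed two-interface gateway: eth0 faces the Internet, eth1 the 10.0.0.0/8 LAN.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
ROUTES = [(ip_network("10.0.0.0/8"), "eth1"), (ip_network("0.0.0.0/0"), "eth0")]
# Static destination NAT: public 203.0.113.10 maps to the internal host 10.0.0.5.
DNAT = {ip_address("203.0.113.10"): ip_address("10.0.0.5")}
# Explicit rulebase, first match wins; the last entry is the cleanup rule.
RULES = [
    (ip_network("0.0.0.0/0"), ip_network("10.0.0.5/32"), "accept"),
    (ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "drop"),
]

def anti_spoof_ok(ingress, src):
    """Stage 1: a source address is legitimate only on the interface it lives behind."""
    internal = any(src in net for net in INTERNAL_NETS)
    return internal if ingress == "eth1" else not internal

def route(dst):
    """Stage 2: the first matching route decides the egress interface."""
    return next(iface for net, iface in ROUTES if dst in net)

def match_rule(src, dst):
    """Stage 3: the rulebase consults both source and destination, first match wins."""
    return next(action for s, d, action in RULES if src in s and dst in d)

def apply_nat(dst):
    """Stage 4: NAT may rewrite the destination (source NAT omitted for brevity)."""
    return DNAT.get(dst, dst)

def process(ingress, src, dst, nat_before_rules):
    """Run the stages; the only variable is where NAT sits relative to the rulebase."""
    src, dst = ip_address(src), ip_address(dst)
    if not anti_spoof_ok(ingress, src):
        return {"verdict": "drop", "reason": "anti-spoofing", "dst": str(dst)}
    if nat_before_rules:
        dst = apply_nat(dst)
    action = match_rule(src, dst)
    if not nat_before_rules and action == "accept":
        dst = apply_nat(dst)
    return {"verdict": action, "reason": "rulebase", "dst": str(dst), "egress": route(dst)}

if __name__ == "__main__":
    # The same inbound packet to the public address, evaluated under both orderings.
    print(process("eth0", "198.51.100.7", "203.0.113.10", nat_before_rules=True))
    print(process("eth0", "198.51.100.7", "203.0.113.10", nat_before_rules=False))
    # A packet claiming an internal source on the external interface never gets that far.
    print(process("eth0", "10.0.0.9", "203.0.113.10", nat_before_rules=True))
```

With NAT before the rulebase the rule's Destination column must name the real host; with NAT after it, the same rule would have to name the public address instead, which is exactly what the two orderings in the question disagree about.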