| 摘要 |
A network security device for controlling the flow of packets into and out of an internal network , includes first and second network cards and a stateful inspection firewall. The first network card forwards each packet for inspection to determine whether or not the packet is part of an existing session. If the packet is part of an existing session it will be forwarded to the second network card and on to the internal network. If the packet is not part of an existing session it will be compared with a set of rules to determine whether the packet is acceptable or not acceptable to the network. If the packet is acceptable, it will be forwarded to the second network card and to the internal network and the session is entered into the stateful inspection table, and if the packet is not acceptable it will be dropped and will disappear. During the outflow of packets an outbound packet passes through the second network card where it is inspected to determine whether or not it is part of an existing session and, if so, it is forwarded to the first network card to exit the device, and, if not, it is compared with the set of rules and if the packet is acceptable it is forwarded to the first network card to exit the device and, if not, it is dropped and disappears.
|
