摘要 |
A method for controlling traffic between different entities on a network in which packets of received data are inspected, and if encapsulated, are decapsulated layer by layer and, after each layer is decapsulated, the packet is inspected to determine if the packet is to be acted upon or discarded. Apparatus for controlling traffic between different entities on a network in accordance with a predetermined policy, the policy being applied to network traffic being passed between logical zones, wherein each logical zone can be simultaneously associated with one or more types of network entity and in particular t at least one of said source and destination zones includes both physical entities and logical entities,
|