PACKET FLOW CHECKPOINT AND PALOALTO

                              PACKET FLOW CHECKPOINT AND PALOALTO

Checkpoint

packet IN -> antispoofing -> rule Base (connection table) -> Nat for destination -> routing -> NAT for source -> ( NATted) Packet out

Paloalto

Basic:
Initial Packet Processing —-> Security Pre-Policy —-> Application —-> Security Policy —-> Post Policy Processing
Advance:
Initial Packet Processing —-> Source Zone/Source Address —-> Forward Lookup —-> Destination Zone/Destination Address —-> NAT policy evaluated

Security Pre-Policy —-> Check Allowed Ports —-> Session Created

Application —-> Check for Encrypted Traffic —-> Decryption Policy —-> Application Override Policy —-> Application ID

Security Policy —-> Check Security Policy —-> Check Security Profiles

Post Policy Processing —-> SSL Re-Encrypted —-> NAT applied —-> Packet forwarding