Support for multi-layer inspection
Multi-layer inspection combines access control, application identification, deep inspection, and file filtering flexibly to optimize security and system performance.
Access control includes packet filtering, connection tracking, URL categories, network application detection, user identification, authentication, and endpoint context information. An Engine in the Firewall/VPN role uses state tables to track connections and to check whether a packet is part of an established connection. It can also act as a packet filter for types of connections that do not require stateful access control. By default, all Firewall Access rules implement stateful access control.
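The difference between stateful access control and stateless packet filtering described above, shown as an added Python sketch that is not vendor code. The rule fields, the choice to create TCP state only on a SYN packet, and all addresses and ports are assumptions of this toy model.

```python
# Added illustration, not vendor code; all rules and addresses are constructed samples.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport proto syn")
Rule = namedtuple("Rule", "src dst dport proto stateful")

class Engine:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # state table: 5-tuples of tracked connections

    def _match(self, p):
        for r in self.rules:
            if (ip_address(p.src) in ip_network(r.src)
                    and ip_address(p.dst) in ip_network(r.dst)
                    and p.dport == r.dport and p.proto == r.proto):
                return r
        return None

    def handle(self, p):
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.state or rev in self.state:
            return "allow-established"      # part of a tracked connection
        rule = self._match(p)
        if rule is None:
            return "discard"                # no rule and no state entry
        if not rule.stateful:
            return "allow-stateless"        # packet filter: nothing is remembered
        if p.proto == "tcp" and not p.syn:
            return "discard"                # assumption: TCP state starts only on SYN
        self.state.add(fwd)
        return "allow-new"

def demo():
    eng = Engine([
        Rule("10.0.0.0/24", "0.0.0.0/0", 443, "tcp", True),
        Rule("10.0.0.0/24", "192.0.2.53/32", 53, "udp", False),
    ])
    packets = [
        Packet("10.0.0.5", 40000, "198.51.100.7", 443, "tcp", True),   # client SYN
        Packet("198.51.100.7", 443, "10.0.0.5", 40000, "tcp", False),  # server reply
        Packet("198.51.100.9", 443, "10.0.0.5", 40000, "tcp", False),  # unsolicited
        Packet("10.0.0.5", 40001, "198.51.100.7", 443, "tcp", False),  # mid-stream, no state
        Packet("10.0.0.5", 5353, "192.0.2.53", 53, "udp", False),      # DNS query
        Packet("192.0.2.53", 53, "10.0.0.5", 5353, "udp", False),      # DNS reply
    ]
    return [eng.handle(p) for p in packets]
```

Calling `demo()` returns one verdict per sample packet. The DNS reply is discarded because the stateless rule leaves no state entry, so a stateless setup needs an explicit rule for return traffic.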
Deep inspection checks the actual data being transferred and detects harmful patterns in network traffic. Traffic normalization is used to prevent advanced evasion methods, which are intended to allow harmful traffic to bypass network security devices.
File filtering includes file reputation, anti-malware, and sandbox scans.
An Engine in the Firewall/VPN role can apply application-level inspection with or without proxying the connections. Protocol Agents provide protocol validation for specific protocols. Protocol Agents are also used to handle protocols that generate complex connection patterns, to redirect traffic to proxy services, and to change the data payload if necessary.