This section provides an overview of how Application-level Gateway handles incoming connections, and the task and purpose of the different PNS components.
Application-level Gateway firewall rules permit and examine connections between the source and the destination of the connection. When a client tries to connect a server, Application-level Gateway receives the connection request and finds a firewall rule that matches the parameters of the connection request based on the client's address, the target port, the server's address, and other parameters of the connection. The rule selects a service to handle the connection. The service determines what happens with the connection, including the following:
The Transport-layer protocol permitted in the traffic. For example, TCP or UDP.
The service started by the firewall rule. This also determines the application-level protocol permitted in the traffic. Application-level Gateway uses proxy classes to verify the type of traffic in the connection, and to ensure that the traffic conforms to the requirements of the protocol, for example, downloading a web page must conform to the HTTP standards.
The address of the destination server. Application-level Gateway determines the IP address of the destination server using a router. Routers can also modify the target address if needed.
The content of the traffic. Application-level Gateway can modify protocol elements, and perform content vectoring. See Chapter 14, Virus and content filtering using CF for details.
How to connect to the server. For nontransparent connections, Application-level Gateway can connect to a backup server if the original is unreachable, or perform loadbalancing between server clusters.
Who can access the service. Application-level Gateway can authenticate and authorize the client to verify the client's identity and privileges. See Chapter 15, Connection authentication and authorization for details.
The operations and policies configured in the service definition are performed by a Application-level Gateway instance.
Published on June 04, 2020
© 2007-2019 BalaSys
Send your comments to support@balasys.hu