| Term | Definition |
|---|---|
| firewall filter | See stateful firewall filter; stateless firewall filter. |
| multifield (MF) classifier | Firewall filter that scans through a variety of packet fields to determine the forwarding class and loss priority for a packet and polices traffic to a specific bandwidth and burst size. Typically, a classifier performs matching operations on the selected fields against a configured value. |
| network address port translation (NAPT) | Method of concealing a set of host ports on a private network behind a pool of public addresses. It can be used as a security measure to protect the host ports from direct targeting in network attacks. |
| Network Address Translation (NAT) | Method of concealing a set of host addresses on a private network behind a pool of public addresses. It can be used as a security measure to protect the host addresses from direct targeting in network attacks. |
| policer | Feature that limits the amount of traffic passing into or out of an interface. It is an essential component of firewall filters that is designed to thwart denial-of-service (DoS) attacks. A policer applies rate limits on bandwidth and burst size for traffic on a particular Services Router interface. |
| service set | Collection of services. Examples of services include stateful firewall filters and Network Address Translation (NAT). |
| stateful firewall filter | Type of firewall filter that evaluates the context of connections, permits or denies traffic based on the context, and updates this information dynamically. Context includes IP source and destination addresses, TCP port numbers, TCP sequencing information, and TCP connection flags. |
| stateless firewall filter | Type of firewall filter that statically evaluates the contents of packets transiting the router, and packets originating from, or destined for, the router. Information about connection states is not maintained. |
| term | Firewall filters contain one or more terms that specify filter match conditions and actions. |
| trusted network | Network from which all originating traffic can be trusted—for example, an internal enterprise LAN. Stateful firewall filters allow traffic to flow from trusted to untrusted networks. |
| untrusted network | Network from which all originating traffic cannot be trusted—for example, a WAN. Unless configured otherwise, stateful firewall filters do not allow traffic to flow from untrusted to trusted networks. |