| Term | Definition |
| --- | --- |
| action | Operation performed if a route or packet matches all criteria defined in a match condition. Actions are configured in terms. You can specify one or more actions in a term. See also match condition; term. |
| firewall filter | See stateful firewall filter; stateless firewall filter. |
| match condition | Criteria that an incoming or an outgoing route or packet on a Services Router must match for an action to occur. Match conditions are specified in terms. If you specify more than one match condition, all the conditions must match in a route or packet for an action to occur. See also action; term. |
| multifield (MF) classifier | Firewall filter that scans through a variety of packet fields to determine the forwarding class and loss priority for a packet and polices traffic to a specific bandwidth and burst size. Typically, a classifier performs matching operations on the selected fields against a configured value. |
| Network Address Port Translation (NAPT) | Method of concealing a set of host ports on a private network behind a pool of public addresses. NAPT can be used as a security measure to protect the host ports from direct targeting in network attacks. |
| Network Address Translation (NAT) | Method of concealing a set of host addresses on a private network behind a pool of public addresses. NAT can be used as a security measure to protect the host addresses from direct targeting in network attacks. |
| policer | Component of firewall filters that limits the amount of traffic passing into or out of an interface to thwart denial-of-service (DoS) attacks. A policer applies rate limits on bandwidth and burst size for traffic on a particular Services Router interface. |
| service set | Collection of services. Examples of services include stateful firewall filters and Network Address Translation (NAT). |
| stateful firewall filter | Type of firewall filter that evaluates the context of connections, permits or denies traffic based on the context, and updates this information dynamically. The context includes IP source and destination addresses, TCP port numbers, TCP sequencing information, and TCP connection flags. |
| stateless firewall filter | Type of firewall filter that statically evaluates the contents of packets transiting the router and packets originating from, or destined for, the router. Information about connection states is not maintained. |
| term | Component of a routing policy or firewall filter that defines its criteria (match conditions) and results (actions). A routing policy or firewall filter can have one or multiple terms. See also match condition; action. |
| trusted network | Network from which all originating traffic can be trusted—for example, an internal enterprise LAN. Stateful firewall filters allow traffic to flow from trusted to untrusted networks. |
| untrusted network | Network from which originating traffic cannot be trusted—for example, a WAN. Unless configured otherwise, stateful firewall filters do not allow traffic to flow from untrusted to trusted networks. |