| Term | Definition |
|---|---|
| action | Operation performed if a route or packet matches all criteria defined in a match condition. Actions are configured in terms. You can specify one or more actions in a term. See also match condition; term. |
| firewall filter | See stateful firewall filter; stateless firewall filter. |
| match condition | Criteria that an incoming or an outgoing route or packet on a Services Router must match for an action to occur. Match conditions are specified in terms. If you specify more than one match condition, all the conditions must match in a route or packet for an action to occur. See also action; term. |
| multifield (MF) classifier | Firewall filter that scans through a variety of packet fields to determine the forwarding class and loss priority for a packet and polices traffic to a specific bandwidth and burst size. Typically, a classifier performs matching operations on the selected fields against a configured value. |
| Network Address Port Translation (NAPT) | Method of concealing a set of host ports on a private network behind a pool of public addresses. NAPT can be used as a security measure to protect the host ports from direct targeting in network attacks. |
| Network Address Translation (NAT) | Method of concealing a set of host addresses on a private network behind a pool of public addresses. NAT can be used as a security measure to protect the host addresses from direct targeting in network attacks. |
| policer | Component of firewall filters that limits the amount of traffic passing into or out of an interface to thwart denial-of-service (DoS) attacks. A policer applies rate limits on bandwidth and burst size for traffic on a particular Services Router interface. |
| service set | Collection of services. Examples of services include stateful firewall filters and Network Address Translation (NAT). |
| stateful firewall filter | Type of firewall filter that evaluates the context of connections, permits or denies traffic based on the context, and updates this information dynamically. The context includes IP source and destination addresses, TCP port numbers, TCP sequencing information, and TCP connection flags. |
| stateless firewall filter | Type of firewall filter that statically evaluates the contents of packets transiting the router and packets originating from, or destined for, the router. Information about connection states is not maintained. |
| term | Component of a routing policy or firewall filter that defines its criteria (match conditions) and results (actions). A routing policy or firewall filter can have one or multiple terms. See also match condition; action. |
| trusted network | Network from which all originating traffic can be trusted—for example, an internal enterprise LAN. Stateful firewall filters allow traffic to flow from trusted to untrusted networks. |
| untrusted network | Network from which all originating traffic cannot be trusted—for example, a WAN. Unless configured otherwise, stateful firewall filters do not allow traffic to flow from untrusted to trusted networks. |