SunScreen 3.2 Administrator's Overview

Outbound Packet Rule Checking

If the packet is allowed by the rules (and is not destined for the Screen itself), before being sent out on the appropriate interface, it is:

  1. Translated - The Screen determines whether it should use NAT to convert the source address information in the packet. If NAT is being used, the Screen replaces the source address information in the packet with the translated source address. Depending on the type of packet, the Screen may also modify address information in the data portion of the packet or modify packet checksums.

  2. Encrypted - The Screen determines whether the packet should be encrypted based upon the information in the rule that matched. If the packet should be encrypted, the Screen calls the SKIP key manager or IKE, which identifies the appropriate encryption keys and algorithms and encrypts the packet. The SKIP key manager or IKE passes the encrypted packet back to the Screen, which then forwards the packet.

A packet is only tested against the packet-filtering rules once.
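
The Translated step above says the Screen may modify packet checksums after rewriting the source address. The following is an added example, not SunScreen code, showing why: it rewrites the source address of an IPv4 header and patches the header checksum incrementally (RFC 1624). The function names and all addresses are constructed for illustration, and only the IPv4 header checksum is covered.

```python
import ipaddress
import struct

def checksum16(data: bytes) -> int:
    """RFC 1071 Internet checksum: complement of the one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Constructed 20-byte IPv4 header (no options, protocol TCP), valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      64, 6, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]

def snat(header: bytes, new_src: str) -> bytes:
    """Rewrite the source address and patch the checksum (RFC 1624, eqn. 3)."""
    old_words = struct.unpack("!2H", header[12:16])
    new_packed = ipaddress.IPv4Address(new_src).packed
    new_words = struct.unpack("!2H", new_packed)
    (old_csum,) = struct.unpack("!H", header[10:12])
    # HC' = ~(~HC + ~m + m') applied to each changed 16-bit word
    total = ~old_csum & 0xFFFF
    for m, m_new in zip(old_words, new_words):
        total += (~m & 0xFFFF) + m_new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    new_csum = ~total & 0xFFFF
    return header[:10] + struct.pack("!H", new_csum) + new_packed + header[16:]

def header_valid(header: bytes) -> bool:
    """A header whose checksum field is correct sums to zero."""
    return checksum16(header) == 0

if __name__ == "__main__":
    original = build_header("10.0.0.5", "198.51.100.20")   # constructed addresses
    translated = snat(original, "203.0.113.7")
    # Address swapped without touching the checksum: receivers would drop it.
    naive = original[:12] + ipaddress.IPv4Address("203.0.113.7").packed + original[16:]
    print(header_valid(original), header_valid(translated), header_valid(naive))
```

A translated packet that fails this check is discarded by the next hop, which is a useful thing to look for in a capture when NAT mappings appear to lose traffic.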