i-Planet Administration Guide

How the Firewall Works

The i-Planet firewall application uses Sun Microsystems' proven firewall technology to protect your network with dynamic packet filtering.

Dynamic packet filtering means that the firewall examines each packet as it arrives. Based on information in the packet, state retained from previous events, and a set of rules that implement the security policy for access control, the firewall either passes the packet from one network to another (that is, from the Internet to your intranet) or drops it.

The i-Planet firewall application uses a set of ordered rules to filter packets. When you configure the i-Planet firewall application, you translate the security policies for this product into a series of rules that specify which services are to be allowed, what to do with packets for services that are disallowed, and what to do when packets are dropped. You then place these rules in sequence to specify which rules override others.

When the i-Planet firewall application receives a packet, it tests the packet against the rules in order. The firewall does not test each packet against each rule; it assumes that the first rule to match the service, source address, or destination address of the packet is the rule that controls the packet. Depending on the settings in the applicable rule, the firewall passes or drops the packet. If the packet does not match any rule that specifically allows it to pass, the firewall drops it.
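The following added example (not i-Planet code or configuration syntax) models the first-match, default-drop evaluation described above and flags rules that can never fire because an earlier rule already covers them. The `Rule` layout, the field names, the sample addresses, and the assumption that a rule matches only when service, source, and destination all match are hypothetical.

```python
# Added illustration of ordered, first-match filtering with a default drop.
# Rule fields and sample data are constructed; this is not i-Planet syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    service: str  # service name, or "*" for any service
    src: str      # source network (IPv4 CIDR)
    dst: str      # destination network (IPv4 CIDR)
    action: str   # "pass" or "drop"

    def matches(self, service, src, dst):
        return (self.service in ("*", service)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

def evaluate(rules, service, src, dst):
    """Return (action, rule index) for the first match, or ("drop", None)."""
    for i, rule in enumerate(rules):
        if rule.matches(service, src, dst):
            return rule.action, i      # later rules are never consulted
    return "drop", None                # no rule allowed it: default drop

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    return (a.service in ("*", b.service)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))

def shadowed(rules):
    """Indexes of rules fully covered by an earlier rule (dead rules)."""
    return [j for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# Constructed sample policy using documentation address ranges.
RULES = [
    Rule("https", "0.0.0.0/0", "192.0.2.10/32", "pass"),
    Rule("*", "198.51.100.0/24", "0.0.0.0/0", "drop"),
    Rule("ssh", "198.51.100.7/32", "192.0.2.10/32", "pass"),  # never reached
]

if __name__ == "__main__":
    print(evaluate(RULES, "https", "198.51.100.7", "192.0.2.10"))
    print(evaluate(RULES, "ssh", "198.51.100.7", "192.0.2.10"))
    print(evaluate(RULES, "smtp", "203.0.113.5", "192.0.2.10"))
    print("shadowed rule indexes:", shadowed(RULES))
```

Running a shadowing check like this after every rule reorder catches allow rules that were silently disabled by a broader rule placed above them, and the reverse case where a broad pass rule hides a later drop.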