Life of a Packet

Chapter 18 Troubleshooting : Life of a Packet

Life of a Packet

Directed by security policies, a FortiGate unit screens network traffic from the IP layer up through the application layer of the TCP/IP stack. This chapter provides a general, high‑level description of what happens to a packet as it travels through a FortiGate security system.

The FortiGate unit performs three types of security inspection:

• stateful inspection, that provides individual packet-based security within a basic session state

• flow-based inspection, that buffers packets and uses pattern matching to identify security threats

• proxy-based inspection, that reconstructs content passing through the FortiGate unit and inspects the content for security threats.

Each inspection component plays a role in the processing of a packet as it traverses the FortiGate unit in route to its destination. To understand these inspections is the first step to understanding the flow of the packet.

This section contains the following topics:

• Stateful inspection

• Flow inspection

• Proxy inspection

• Comparison of inspection layers

• FortiOS functions and security layers

• Packet flow

• Example 1: client/server connection

• Example 2: Routing table update

• Example 3: Dialup IPsec VPN with application control