Packet inspection (Ingress)
In
Figure 252, in the first set of steps (ingress), a number of header checks take place to ensure the packet is valid and contains the necessary information to reach its destination. This includes:
• Packet verification - during the IP integrity stage, verification is performed to ensure that the layer 4 protocol header is the correct length. If not, the packet is dropped.
• Session creation - the FortiGate unit attempts to create a session for the incoming data
• IP stack validation for routing - the firewall performs IP header length, version and checksum verifications in preparation for routing the packet.
• Verifications of IP options - the FortiGate unit validates the rouging information