FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 20 - Parallel Path Processing - Life of a Packet > Example 1 Client/Server Connection

Client/Server connection packet flow example

The following example illustrates the flow of a packet that is part of a session between a client and a web server with authentication, FortiGuard Web Filtering and antivirus.

Initiating connection from client to web server
  1. Client sends packet to web server.
  2. The packed is routed to a FortiGate interface.
  3. DoS sensor checks to ensure the sender is valid and not attempting a denial of service attack.
  4. IP integrity header checking. If the packet is OK it continues, otherwise it is dropped.
  5. Routing.
  6. Policy lookup.
  7. User authentication.
  8. Proxy-based inspection:
  • FortiGuard Web Filtering (FortiGuard web filtering lookup)
  • Antivirus
  1. Source NAT changes the source address to the FortiGate IP address.
  2. Routing.
  3. Interface transmission to network.
  4. Packet forwarded to web server.
Response from web server
  1. Web Server sends response packet to client.
  2. The packed is routed to a FortiGate interface.
  3. DoS sensor checks to ensure the sender is valid and not attempting a denial of service attack.
  4. IP integrity header checking. If the packet is OK it continues, otherwise it is dropped.
  5. Stateful inspection recognizes the packet is part and an established session.
  6. Source NAT changes the destination address from the FortiGate interface back to the client IP address
  7. Proxy-based inspection:
  • FortiGuard Web Filtering (FortiGuard Web Filtering lookup)
  • Antivirus
  1. Packet is routed to the client.
  2. Interface transmission to network
  3. Packet returns to client
Life of a packet - Client/server connection