What happens first: Firewall or Threat Prevention


fredbert

There are two approaches to applying access policies when there is more than one engine: in parallel and in series.

I'm forgetting which way it used to be on certain firewalls, but it used to be important to know at which point onward routing, NAT, and firewall rules were applied and if any changes were applied at previous steps (e.g. has NAT happened to the packet yet). With multi-core CPUs (and multi-CPU servers) it is possible to run the tests concurrently and determine whether to allow the traffic or not based on the returned status of each test.

I was just wondering whether firewall rules are applied before threat prevention. It would seem probable that they are as TP is likely to be more processor intensive so best to remove known-unwanted traffic first. But I think I see some traffic in TP alert/deny logs that are from countries I've totally blocked in the FW policy (at the very top). It's hard to test on an active setup.

Anyone noticed similar or not?
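
One passive way to check the observation in the post above, as an added example that is not part of the original post: sort exported Threat Prevention alerts by whether the address inside the firewall-blocked ranges was the packet's source or its destination. The record fields, sample alerts and CIDR ranges are constructed assumptions; a real log export would have to be mapped to this shape.

```python
import ipaddress

# Constructed sample data: documentation ranges stand in for the CIDR blocks
# of a country denied at the top of the firewall policy.
BLOCKED_CIDRS = ["203.0.113.0/24", "198.51.100.0/24"]

# Constructed Threat Prevention alert records (hypothetical field names).
TP_ALERTS = [
    {"time": "2024-01-01T10:00:00", "src": "203.0.113.7", "dst": "192.168.1.10", "action": "drop"},
    {"time": "2024-01-01T10:05:00", "src": "192.168.1.20", "dst": "198.51.100.9", "action": "alert"},
    {"time": "2024-01-01T10:09:00", "src": "192.0.2.55", "dst": "192.168.1.10", "action": "drop"},
    {"time": "2024-01-01T10:12:00", "src": "not-an-ip", "dst": "192.168.1.10", "action": "drop"},
]

def in_blocked(addr, networks):
    """True if addr parses as an IP address and falls inside any blocked network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed log field: treat as not matching
    return any(ip.version == net.version and ip in net for net in networks)

def correlate(alerts, blocked_cidrs):
    """Bucket alerts by which side of the flow sits in a blocked range."""
    networks = [ipaddress.ip_network(c) for c in blocked_cidrs]
    result = {"blocked_source": [], "blocked_destination": [], "unrelated": []}
    for alert in alerts:
        if in_blocked(alert["src"], networks):
            result["blocked_source"].append(alert)
        elif in_blocked(alert["dst"], networks):
            result["blocked_destination"].append(alert)
        else:
            result["unrelated"].append(alert)
    return result

if __name__ == "__main__":
    for bucket, alerts in correlate(TP_ALERTS, BLOCKED_CIDRS).items():
        print(bucket, [(a["time"], a["src"], a["dst"]) for a in alerts])
```

Alerts in `blocked_source` are the ones that bear on the ordering question; a firewall rule keyed on source country would not match the flows in `blocked_destination`.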
 
