What happens first: Firewall or Threat Prevention

Currently reading
What happens first: Firewall or Threat Prevention

fredbert

Moderator
NAS Support
Subscriber
5,153
2,085
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
  4. WRX560
Operating system
  1. macOS
Mobile operating system
  1. iOS
There's two approaches to applying access policies when there more than one engine: in parallel and in series.

I'm forgetting which way it used to be on certain firewalls but it used to be important to know at which point onward routing, NAT, and firewall rules were applied and if any changes where applied at previous steps (e.g. has NAT happened to the packet yet). With multi-core CPUs (and multi-CPU servers) it possible to run the tests concurrently and determine whether to allow the traffic or not based on the returned status of each test.

I was just wondering whether firewall rules are applied before threat prevention. It would seem probable that they are as TP is likely to be more processor intensive so best to remove known-unwanted traffic first. But I think I see some traffic in TP alert/deny logs that are from countries I've totally blocked in the FW policy (at the very top). It's hard to test on an active setup.

Anyone noticed similar or not?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

All. One minute I can see where to post then I look away and its gone (ok down off the page under...
Replies
0
Views
460
OK. I don't bother with QuickConnect for my router, there's nothing running on it that others need to have...
Replies
6
Views
1,519
I have setup from zero, thanks for trying to help. Thread can be closed now.
Replies
6
Views
1,961
Just asking again if more in-depth information or rules are available than link posted. I keep creating...
Replies
1
Views
1,273
Now I'm not looking on my phone.... The best you can do is to split the single 192.168.1.0/24 subnet and...
Replies
6
Views
2,094
  • Question
You can allow US traffic, and deny all else. That effectively denies all non-US traffic, and is superior...
Replies
13
Views
2,078

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top