- Once SRX firewall pulls the packet from the input interface queue., it will first go into an algorithm to check if there is an existing session. If yes; then the packet will bypass all the policies, and it will be NATed before sending outside. If not, then the packet will be transferred to the screen option to be checked;
- In the Juniper SRX Firewall, the packet flow processing begins with a screen check. A screen is a built-in protection mechanism that performs a variety of security functions. Screens are used to detect prevent many kinds of malicious traffic, such as denial-of-service (DoS) attacks.
- If a there is no existing session for the packet and the screen check is completed; it then performs destination or static destination NAT to substitute one set of packet header address information with another.
- The software will perform the route lookup, and if the route exits for the destination prefix then it will be taken to the next step. If not, it will be dropped.
- The software determines the packet’s incoming zone by the interface through which it arrives. In addition, the software determines the packet’s outgoing zone by the forwarding lookup.
- Based on incoming and outgoing zones, the corresponding security policy is determined and a security takes place. The software checks the packet against defined policies to determine how to treat the packet.
- The software creates and installs the session based on protocol used (TCP or UDP). It is very important to know the default values of session based on those protocols. The default time for TCP session is 30 minutes and UDP session is 1 minute.
- The software then performs perform TCP header and flag checks. It performs route lookup and NAT translation, apply ALG services IDP, VPN, and other services. At this time the packet will be forwarded to outside.
Author: Eric Uwonkunda Ngabonziza