Is there a general rule for the order in which processing of firewall ACLs and NAT policies takes place on the same device, or is it normally vendor/device specific?
I have only worked with SonicWalls before, but I did a packet capture using the SonicWall's built-in packet capture tool and it looks like the firewall rules are applied first, then the NAT policies are applied (even though the timings are showing both occurring at the same time, the packet ordering always comes in this way). I previously tried looking for the answer in their documentation, but didn't find anything.
Also, say a firewall ACL is matched, then a NAT policy is matched: do firewall ACLs get checked again, since the translated address might not be matched by the previous firewall ACL (assuming this is all occurring on the same device)? Would this behavior likely be more vendor/device specific?
I appreciate your feedback!