Interface Dispatcher (SND) R80.30+ Logical Packet Flow Copyright by Heiko Ankenbrand 1996-2020 - v1.

yes
Decrypt id Decryption
no
ID
2
yes iq
QoS QoS IN
no IQ Enqueue/ Dequeued IN

yes disable SecureXL IP

disable
SecureXL IP SK104468

no

yes yes
SecureXL RST,
Connection FIN, SYN …
Table Packet

no no no
establish
yes establish yes
new NAT new
Accept no
1 SecureXL 1 Template SexureXL yes Content
Template
Connection sk NAT Inspection
needed
no

yes no yes
Drop Fast Accel
Discard 1 Template rule
Fast Accel in
R80.20 JHF103+
no SK156672

Slow Path (F2F) Medium Streaming Path Fast Path

(PXL / CPASXL) (Accelerated Path)

fw_worker X SecureXL
CoreXL
yes
Connection
Tabel
Content Inspection
no
no
Firewall
Discard 1 Policy
possible in SecureXL and CoreXL, therefore only shown schematically
yes
add Conn. Table

yes
NAT (Dest)
Table

no

NAT
yes Content Inspection
1 other Security Modules
Policy

no TED HTTPS URLF

add NAT Table

NAT IPS AC Anti Bot

record connection AV more Security Modules

more In-Chain Modules

Passive Streaming
no Library (PSL)
Content Classifier
Inspection APP1
1 packet subsequent APP2
yes APP3
Inline Streaming
Content Inspection Path Protocol Parsers
Observer
(PSL / CPAS)
I
Protections Handler Security Policy
routing

action
o
fw_worker X
Log Connection IPS  prevent detect inactiv
yes
NAT (Src)
Table AC  drop allow

no NAT

more Out-Chain Modules

More SecureXL features:

Cryptography, Tunnel, LinkSelection, DynamicVPN, NATTraversal, Crypto Algorithms,…

yes
QoS oq QoS OUT
Enqueued/ Dequeued OUT
no OQ
2
yes
Encrypt oe
Encryption
no OE
Interface
1 2
only the first packet in the firewall VPN and QoS is possible in SecureXL and/or CoreXL, therefore only shown schematically