User Guide
Administration.....101
happens before filtering when traffic is entering the appliance and filtering happens before
translation when traffic is exiting the appliance.
For example, if input traffic passes through an incoming NATrule, which has translated the
destination address, then the only way for the filter rule to match a destination address is to have
the filter rule match the pattern of the translated destination address and not the original destination
address of the traffic. This is because the address was translated before it could be filtered.
Firewall and NATFlow
Number Description
1 Outside.
2 Inside.
3
Incoming NATon an inside interface before output filter on an outside interface.
4
Incoming NATon an outside interface before output filter on an inside interface.
5
Output filter on an inside interface before outgoing NATon the same inside interface.
6
Output filter on an outside interface before outgoing NATon the same outside interface.
Firewall and NATFlow Descriptions