⚙️ Packet Parameter Generator
🔌 Attach Live Debug / Trace Log
LINA Firewall Engine (Layer 3 / 4)
Ingress Physical
LINA→
Capture Check
LINA→
IP Defrag
LINA→
Existing Conn?
LINASlow-Path Flow
VPN Decrypt
LINA→
UN-NAT (DNAT)
LINA→
L3 Route Lookup
LINA→
Prefilter Policy
LINA→
L3/L4 ACL
LINAHandover to Snort 3 Engine
Snort 3 Threat Prevention (Layer 7)
DAQ Handover
Snort→
Stream Defrag
Snort→
SSL Decrypt
Snort→
Security Intel
Snort→
Identity Rule
Snort↓
L7 App Filter
Snort→
URL Filtering
Snort→
IPS (Snort 3)
Snort→
AMP Malware
Snort→
SSL Encrypt
SnortEgress Post-Processing
LINA Egress core processing
Flow Update
LINA→
Egress NAT (PAT)
PAT Source→
QoS Shaping
LINA→
VPN Encrypt
Crypto Tunnel Engine→
L2 ARP Gateway
LINA→
Egress Send
LINA
Prefilter Trust/Fastpath Bypass
↓
Ingress Process
Receive Packet
ethernet1/1→
Parsing & Zone
Parser→
Ingress Error?
Zone Protection→
FW Inspect?
Inspection Check→
VPN Decrypt?
IPsec/SSL VPNSP3 Split Gateway (Forks into Session Setup vs Fastpath Acceleration)
Branch A: Slowpath / Session Setup
Forwarding
Route Lookup→
NAT Policy
DNAT Check→
Security Policy
L3/L4 Rulebase→
Install Session
Session TableBranch B: Fastpath Acceleration
Session Lookup
Session Engine→
L2 - 4 Process
Timer UpdateSSL Inspection Gateway
SSL Decrypt?
SSL ProxyDynamic App Identification (App-ID Engine Core Loop)
Application Identification (App-ID)
Pattern App-ID
App ID→
Policy Re-Match Loop
L7 Rulebase→
App Allowed Check
Action Verify→
Scan Setup
SP3 InitializeContent-ID Parallel Engine
Single-Pass Parallel Scan Engine
Antivirus
Content-IDVulnerability Protection
Content-IDAnti-Spyware
Content-IDWildFire Analysis
Content-IDURL Filtering
Content-ID
SP3 App-ID Bypass Lane
↓
SSL Encryption Gateway
SSL Re-encrypt
SSL ProxyForwarding / Egress
Egress Processing
QoS & Route→
VPN Encrypt
IPsec Encapsulate→
Transmission
Egress WireIngress Packet Flow (Link Layer & Ingress Security)
Interface (L2)
Ingress→
DoS Sensor
SPU→
IP Integrity
Header→
IPsec Decrypt
VPN→
NAT (DNAT) / VIP
VIP→
Routing Lookup
Route→
TCP State Sanity Check
L4 Validation
NP7 Fastpath Session Bypass
↓
Stateful Engine Fork
Stateful Inspection Engine Fork
Session Lookup
Match Found?Slow Path (Session Setup) Flow
Session Helpers
Helpers→
Authentication
FSSO/Auth→
Local Mgmt Traffic
System Check→
Firewall Policy Lookup
Firewall RuleSSL Inspection Gateway
SSL Inspection Gateway
Deep Inspection Profile
Gateway→
SSL Decrypt
SPU CP9UTM Profile Inspection Splits
Flow-Based Inspection Engine
Security Profile Check
UTM Check→
IPS Engine
IPS Profile→
Application Ctrl
App ID→
Flow AV
Malware→
Flow WebFilter
URL ReputationProxy-Based Inspection Engine
Proxy Required?
Buffering→
VoIP Inspection
SIP Proxy→
DLP Scan
Data Leak→
Email Filter
Spam Blocker→
Proxy AV
Buffered Scan→
ICAP Server
OffloadEgress Packet Flow
Egress Packet Flow (Reordered)
SSL Re-encrypt
Gateway→
NAT (SNAT)
PAT Source→
IPsec Encrypt
VPN→
Traffic Shaping
QoS→
Interface (TX)
Egress CableSND Ingress & Link Layer Acceleration
NIC In
eth0→
SND Decrypt?
VPN Check→
SND QoS?
QoS ClassifySecureXL Acceleration Driver
SecureXL Driver
RouterFast Path (Bypasses Slowpath & UTM)
Template Hit
SecureXLMedium Path (PXL - Buffers to CMI Blades)
PSL Stream
SecureXLSlow Path (F2F - CoreXL Kernels)
F2F Path
SecureXLCoreXL Inbound Chains
F2F Session Hit?
Conn Table→
NAT (Dest)? [DNAT]
Inbound→
Firewall Policy [Access]
Rulebase→
In-Chain Mods
VM Kernel→
Content Scan?
RedirectCheck Point CMI Engine Matrix
PSL Stream Engine
PSL→
CMI Blades Loader
CMI→
HTTPS Decrypt
SSL Decrypt→
L7 App Control
AppControl→
URL Filtering
URLFilter↓
IPS Engine
IPS→
Anti-Bot / AV
AB / AV→
Threat Emulation
Sandbox→
HTTPS Encrypt
SSL Encrypt→
Blades Verdict
ActionRouting & Stateful Egress Outbound
Routing & Outbound Kernel
Routing Lookup
OS Router→
Source NAT?
Outbound SNAT→
Out-Chain Mods
VM KernelPath Execution & Egress Driver
Path Execution & Outbound Gateway
Path Resolved
F2F/PXL/Accel→
QoS OUT?
Bandwidth OUT→
VPN Encrypt?
ESP Encapsulate→
NIC Out
eth1↓ Fast Path
↓ Medium Path
↓ Slow Path
🔍 Inspection Details
Please simulate a packet trace to inspect step details.