Overview

Fast Path CG-Firewall provides firewall functions and Network Address Translation in the fast path.

Key features of Fast Path CG-Firewall are:

  • High Transparency: Fast Path CG-Firewall implements multiple advanced features like Endpoint-Independent Mapping, Endpoint-Independent Filtering, address pooling and port parity preservation. These features provide better experience to ‘nated’ users and allow scaling.
  • Fairness and Resource Sharing: Fast Path CG-Firewall provides option to limit the number of connections per user. This ensures that resources are equitably shared between the different users.
  • Support for Application Level Gateway: some protocols (e.g. FTP) requires a deep inspection

Connection tracking is directly done in the fast path without any interaction with the Linux kernel, to offer the best possible performance.

Consequently, Fast Path CG-Firewall is standalone and it has its own API to configure NAT rules.

Features

  • NAT44
  • ALGs: FTP, TFTP, RTSP, PPTP, SIP, H323
  • Port assignement: random or parity
  • Endpoint-Independent Mapping
  • Endpoint-Independent Filtering
  • Hairpinning
  • VRF support