Fast Path CG-Firewall provides firewall functions and Network Address Translation in the fast path.
Key features of Fast Path CG-Firewall are:
- High Transparency: Fast Path CG-Firewall implements multiple advanced features like Endpoint-Independent Mapping, Endpoint-Independent Filtering, address pooling and port parity preservation. These features provide better experience to ‘nated’ users and allow scaling.
- Fairness and Resource Sharing: Fast Path CG-Firewall provides option to limit the number of connections per user. This ensures that resources are equitably shared between the different users.
- Support for Application Level Gateway: some protocols (e.g. FTP) requires a deep inspection
Connection tracking is directly done in the fast path without any interaction with the Linux kernel, to offer the best possible performance.
Consequently, Fast Path CG-Firewall is standalone and it has its own API to configure NAT rules.
- ALGs: FTP, TFTP, RTSP, PPTP, SIP, H323
- Port assignement: random or parity
- Endpoint-Independent Mapping
- Endpoint-Independent Filtering
- VRF support