Overview
Fast Path CG-Firewall provides firewall functions and Network Address Translation in the fast path.
Key features of Fast Path CG-Firewall are:
High Transparency: Fast Path CG-Firewall implements multiple advanced features such as Endpoint-Independent Mapping, Endpoint-Independent Filtering, address pooling and port parity preservation. These features provide a better experience to NATed users and allow scaling.
Fairness and Resource Sharing: Fast Path CG-Firewall provides options to limit the number of connections per user. This ensures that resources are equitably shared between the different users.
Support for Application Level Gateway: some protocols (e.g. FTP) require deep inspection.
Connection tracking is done directly in the fast path, without any interaction with the Linux kernel, to offer the best possible performance.
Consequently, Fast Path CG-Firewall is standalone and has its own API to configure NAT rules.
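An added illustration, not part of the original page and not Fast Path CG-Firewall code or its API: a toy Python model of Endpoint-Independent Mapping, Endpoint-Independent Filtering, port parity preservation and a per-user limit, as listed in the key features above. The class and method names, the sample addresses, counting mappings per internal IP, and pinning each user to one pool address are assumptions of the sketch.

```python
# Toy model of RFC 4787 NAT behaviours; not Fast Path CG-Firewall code or its API.
import random

class ToyNat:
    def __init__(self, pool, max_per_user=2, seed=0):
        self.pool = pool                  # public addresses (address pooling)
        self.max_per_user = max_per_user  # per-user mapping limit (fairness)
        self.by_internal = {}             # (int_ip, int_port) -> (pub_ip, pub_port)
        self.by_public = {}               # reverse index for inbound lookups
        self.user_ip = {}                 # int_ip -> public IP pinned to that user
        self.rng = random.Random(seed)

    def outbound(self, int_ip, int_port, dst):
        """Translate an outbound packet; dst is deliberately unused (EIM)."""
        key = (int_ip, int_port)
        if key in self.by_internal:       # same mapping whatever the destination
            return self.by_internal[key]
        used = sum(1 for ip, _ in self.by_internal if ip == int_ip)
        if used >= self.max_per_user:
            raise RuntimeError("per-user limit reached")
        # Assumption: each user keeps one pool address for all of its flows.
        pub_ip = self.user_ip.setdefault(int_ip, self.rng.choice(self.pool))
        while True:
            # Port parity preservation: even stays even, odd stays odd.
            pub_port = self.rng.randrange(1024 + int_port % 2, 65536, 2)
            if (pub_ip, pub_port) not in self.by_public:
                break
        self.by_internal[key] = (pub_ip, pub_port)
        self.by_public[(pub_ip, pub_port)] = key
        return pub_ip, pub_port

    def inbound(self, src, pub_ip, pub_port):
        """EIF: any remote src may reach an existing mapping; src is not checked."""
        return self.by_public.get((pub_ip, pub_port))

if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    nat = ToyNat(["198.51.100.1", "198.51.100.2"])
    first = nat.outbound("10.0.0.5", 5000, ("203.0.113.10", 80))
    second = nat.outbound("10.0.0.5", 5000, ("203.0.113.99", 443))
    print("EIM keeps one mapping:", first == second, first)
    print("EIF inbound from a third host:", nat.inbound(("192.0.2.77", 1234), *first))
```

Because the inbound lookup ignores the remote source, any external host can reach a mapped port for as long as the mapping exists, which is the property to weigh when Endpoint-Independent Filtering is enabled.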
Features
NAT44, NAT64
ALGs: FTP, TFTP, RTSP, PPTP, SIP, H323, DNS over UDP
Port assignment: random or parity
Endpoint-Independent Mapping
Endpoint-Independent Filtering
Hairpinning
VRF support