
Re: IPSec and Filtering Question?



Umesh,

>If IPSec and Firewall (filtering) is on the same box (security gateway),
>what is the order of processing for both inbound and outbound packets?
>Should the filtering rules be applied first and then IPSec?

IPsec does not require that a separate set of filters be applied to traffic
if a unified implementation already provides the requisite features
described for the SPD.  So, a product which combines IPsec and a (more
full-featured) firewall would be compliant if it provided a superset of the
features mandated by the SPD.  The SPD is a performance requirement, not a
design requirement. A product must perform in a fashion that is equivalent
to what the SPD does but one does not have to implement an SPD per se.

Steve



