I just want to be more elaborate to explain my doubt.

1. So as you answered, NAT evaluation = NAT lookup, which I know. But my question is that the NAT applied in the first policy is after all the things like the packet being decrypted, scanned and content inspection done in the security profile, and at last you are applying the NAT. But in the second diagram you have applied the NAT first and then you are doing the other things like App-ID identification and content inspection; you are not doing NAT at last after all these things. So the first image says you will apply the NAT policy before forwarding the packet to egress, after you check the application by decryption etc., after you check the security policy and profiles and re-encrypt the traffic.

2. In the second, it is not a decryption policy lookup; this is SSL proxy: decrypt the packet if applicable (no lookup, direct decrypt if applicable). "Session app identified" is not explained in detail even in the link you have shared, so I expect this is: it will create a session for the app once it has identified the app. If it is a new request then it will not identify the session app, because it has not created a session for that application, and it will go for application identification. So from here I can expect the firewall creates 2 sessions: one session is created with the 6-tuple information and the second is created for the application, which is the session application. I think this is the PREDICT session type.

3. My question is that decrypt is shown 2 times. I am not asking "once decrypted, then why encrypt"; that I know, the packet needs to be encrypted at last before sending. But once you have done SSL decryption, then in the application identification section, at the last, why is decryption added again, and why is its arrow going towards SSL Decrypt?

SINGLE PASS: what is the meaning of single pass here, in Palo Alto? Like if a packet is processed in the network hardware engine it should not be passed again to that engine. But in the packet flow it is happening. Or maybe single pass has a different meaning.
Hi Team,

I have seen two diagrams of packet flow from the Palo Alto website. In the first one below, "NAT policy evaluated" is shown in the first step, which is part of the network processor (slow path), and NAT is applied after application and security policy. It means from the security processor it is again sent to the network processor for applying NAT, which says that the packet is passed twice through one processor. It can't be considered as single pass. But in the second diagram below, which is more descriptive, NAT is evaluated in the slow path, which is correct, and NAT is applied in the fast path. Here this makes sense to me: as the network processor is continued, it should be applied here only, to avoid any multi-pass.

1. Question: So the question is, which is correct? If both are correct, then why in the first one is "NAT applied" shown at last?

2. Question: Decryption is shown in 2 places: the first one is in the fast path, after L2-L4 processing, and the second one is at the last of application identification.

3. Question: There is no arrow which shows that before content inspection the application is identified. Only "session app" is shown; if the session app is not found then it should go for app identification, and then it should come back where?