High–level list of processes that affect packets
In general packets passing through a FortiGate unit can be affected by the following processes. This is a complete high-level list of all of the processes. Not all packets see all of these processes. The processes a packet encounters depends on the type of packet and on the FortiGate software and hardware configuration.
Ingress packet flow
- Network Interface
- TCP/IP stack
- DoS ACL
- DoS Policy
- IP integrity header checking
- IPsec VPN decryption
Admission Control
- Quarantine
- FortiHeartBeat
- User Authentication
Kernel
- Destination NAT
- Routing
- Stateful inspection/Policy
- Lookup/Session management
- Session Helpers
- User Authentication
- Device Identification
- SSL VPN
- Local Management Traffic
UTM/NGFW
- Flow-based inspection
- NTurbo
- IPSA
- Proxy-based inspection
Kernel
- Forwarding
- Source NAT (SNAT)
Egress packet flow
- IPsec VPN Encryption
- Botnet check
- Traffic shaping
- WAN Optimization
- TCP/IP stack
- Network Interface