In an attempt to increase FireWall-1 throughput, Nokia implemented what is essentially a copy of the connection table at the device driver level. In what Nokia terms flowpath, incoming packets now get a connection table lookup at the same time they get a routing table lookup from the network interface device driver. The connection table lookup is done with the cached copy, not the FireWall-1 copy. If the packet matches an established connection, it is immediately forwarded on to its destination. If the packet does not match a connection table entry, it is passed up to the FireWall-1 kernel module, where it continues with the slowpath process as normal. Changes to the FireWall-1 connect...
- Chapter 6. Advanced System Administration and Troubleshooting
- from Nokia Firewall, VPN, and IPSO Configuration Guide
- Publisher: Elsevier Science, Syngress
- Released: February 2009
Kind of like dCEF!