The SRX device receives a packet and determines that it does not match an existing session. After SCREEN options are evaluated, what is evaluated next?
A. source NAT
B. destination NAT
C. route lookup
D. zone lookup
Answer: B
First-packet-path processing:
1. Based on the protocol used and its session layer (TCP or UDP), the software starts a session timer. For TCP sessions, the default timeout is 30 minutes. For UDP sessions, the default timeout is 1 minute. These values are the defaults, and you can change them.
2. The software applies firewall SCREEN options.
3. If destination NAT is used, the software performs address allocation.
4. Next, the software performs the route lookup. If a route exists for the destination prefix, the software takes the next step. Otherwise, it drops the packet.
5. The software determines the packet’s incoming zone by the interface through which it arrives. The software also determines the packet’s outgoing zone by the forwarding lookup.
6. Based on incoming and outgoing zones, the corresponding security policy is determined and a security policy lookup takes place. The software checks the packet against defined policies to determine how to treat the packet.
7. If source NAT is used, the software performs address allocation.
8. The software sets up the ALG service vector.
9. The software creates and installs the session. Furthermore, the software caches the decisions made for the first packet into a flow table, which subsequent packets of that flow use.
10. The packet now enters the fast-path processing.