Zgate processing overview, Statistics – Zilog EZ80F91GA User Manual

UM024502-1012
ZGATE Embedded Security Development Kit
User Manual
ZGATE Processing Overview
ZGATE performs filtering at two different layers: the Ethernet packet layer and the IP
packet layer. When Ethernet frames are received, ZGATE filters them against the Ethernet
frame type and the Ethernet MAC address filtering rules.
At the IP packet layer, ZGATE first checks all packets using the Stateful Packet Inspection
(SPI) filtering engine. If the SPI engine determines that a packet is associated with an
already-established connection, then no further filtering is performed, and the packet is not
blocked by ZGATE. This avoids unnecessary rechecking of the TCP/UDP port number, IP
protocol, IP address, and so on, because these packets were all acceptable at the time the
connection was established.
If the SPI layer neither accepts nor blocks a packet, ZGATE static filtering is performed.
The final step is to perform threshold-based filtering (if it is enabled for the ZGATE
product).
Statistics
ZGATE maintains statistics about the number of packets processed and blocked by each
filter. These statistics do not necessarily reflect the number of packets received by the
ZGATE device, or even by the ZGATE firewall. For example, the number of packets
processed by the ZGATE TCP and UDP filters is typically much smaller than the total number
of TCP and UDP packets received. Many of the UDP and TCP packets will be associated
with an established connection, will therefore pass SPI filtering, and will not need to be
filtered by the static filtering engine.
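
The processing order and the statistics behavior described above can be modeled in a few lines of C. This is an added example, not ZGATE source code or its API: every name, the two filter rules, the connection table size and the sample traffic are assumptions made for illustration. MAC address filtering and threshold-based filtering are left out, and the SPI stage here only accepts.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not the ZGATE API: all names, rules and sizes are assumptions. */
enum verdict { PASS, BLOCK };
struct pkt { uint16_t ethertype; uint32_t src, dst; uint16_t sport, dport; };
struct stats { unsigned eth_seen, eth_blocked, spi_seen, spi_hits,
               static_seen, static_blocked; };

#define MAX_CONN 8
static struct pkt conn[MAX_CONN];   /* flows already accepted by the static filter */
static int nconn;
/* One-direction match only; a real SPI engine also tracks replies and state. */
static bool same_flow(const struct pkt *a, const struct pkt *b) {
    return a->src == b->src && a->dst == b->dst &&
           a->sport == b->sport && a->dport == b->dport;
}

enum verdict process(const struct pkt *p, struct stats *s) {
    s->eth_seen++;                                  /* stage 1: Ethernet layer */
    if (p->ethertype != 0x0800) { s->eth_blocked++; return BLOCK; } /* constructed rule: IPv4 only */
    s->spi_seen++;                                  /* stage 2: SPI */
    for (int i = 0; i < nconn; i++)
        if (same_flow(&conn[i], p)) { s->spi_hits++; return PASS; } /* static filter skipped */
    s->static_seen++;                               /* stage 3: static filter */
    if (p->dport != 80) { s->static_blocked++; return BLOCK; }     /* constructed rule */
    if (nconn < MAX_CONN) conn[nconn++] = *p;       /* remember the accepted flow */
    return PASS;
}

/* Constructed traffic: 1 IPv6 frame, 5 packets of one port-80 flow, 1 packet to port 23. */
struct stats run_sample(void) {
    struct stats s = {0};
    struct pkt v6  = { 0x86DD, 0, 0, 0, 0 };
    struct pkt web = { 0x0800, 0x0A000002, 0x0A000001, 40000, 80 };
    struct pkt tel = { 0x0800, 0x0A000003, 0x0A000001, 40001, 23 };
    nconn = 0;
    process(&v6, &s);
    for (int i = 0; i < 5; i++) process(&web, &s);
    process(&tel, &s);
    return s;
}

int main(void) {
    struct stats s = run_sample();
    printf("received=%u spi_hits=%u static_seen=%u static_blocked=%u\n", s.eth_seen, s.spi_hits, s.static_seen, s.static_blocked);
    return 0;
}
```

In this model the static filter's counter covers only the packets that reached it, so an operator reading per-filter statistics should sum across stages rather than treat any single filter's count as total traffic.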