Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
Traffic distribution assigns each packet that reaches Network Secure to the corresponding VSYS for processing.
If no VSYS is configured on Network Secure, packets reaching Network Secure are processed directly based on the policies and tables (session tables, MAC address tables, and routing tables) in the public system. If VSYSs are configured on Network Secure, each VSYS operates as an independent device and processes packets based only on its own policies and tables. Therefore, when a packet reaches Network Secure, Network Secure must determine the VSYS to which the packet belongs and then forward the packet to that VSYS for processing. The process of determining the VSYS to which a packet belongs is called traffic distribution.
Network Secure supports interface-based and VLAN-based traffic distribution. Interface-based traffic distribution is applicable to Layer 3 interfaces, and VLAN-based traffic distribution is applicable to Layer 2 interfaces.
Traffic distribution on Layer 3 interfaces
1. Check whether the ID of the VSYS to which the interface belongs is the same as the VSYS ID in the packet context.
2. If not, modify the packet context and forward the packet to the VSYS for processing. If yes, continue to process the packet in the public system.
Traffic distribution on Layer 2 interfaces
1. Check whether the packet carries a VLAN ID.
2. If yes, find the ID of the VSYS to which the interface belongs based on the VLAN ID/VSYS ID mapping table. If not, continue to process the packet in the public system.
3. Check whether the ID of the VSYS to which the interface belongs is the same as the VSYS ID in the packet context.
4. If not, modify the packet context and forward the packet to the VSYS for processing. If yes, continue to process the packet in the public system.
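The two procedures above can be modelled as one decision function, which makes it easy to see which traffic ends up under the public system's policies. This is an added example, not Network Secure code: the interface names, VSYS IDs, the value 0 for the public system, and the handling of a VLAN ID missing from the mapping table are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

PUBLIC = 0  # assumption: ID standing in for the public system

# Constructed sample tables; interface names and VSYS IDs are hypothetical.
L3_IFACE_VSYS = {"eth1": PUBLIC, "eth2": 1, "eth3": 2}  # Layer 3 interface -> VSYS ID
L2_IFACES = {"eth4", "eth5"}                            # Layer 2 interfaces
VLAN_VSYS = {10: 1, 20: 2}                              # VLAN ID -> VSYS ID mapping table


@dataclass
class Packet:
    in_iface: str
    vlan_id: Optional[int] = None  # None means the frame is untagged
    ctx_vsys: int = PUBLIC         # assumption: context starts in the public system


def distribute(pkt: Packet) -> int:
    """Return the ID of the system that processes pkt, updating its context."""
    if pkt.in_iface in L2_IFACES:
        if pkt.vlan_id is None:
            return PUBLIC          # no VLAN ID: stays in the public system
        target = VLAN_VSYS.get(pkt.vlan_id)
        if target is None:
            return PUBLIC          # assumption: the page does not cover unmapped VLANs
    else:
        target = L3_IFACE_VSYS[pkt.in_iface]
    if target != pkt.ctx_vsys:
        pkt.ctx_vsys = target      # modify the context and hand over to that VSYS
    return pkt.ctx_vsys


def public_fallthrough(frames):
    """List the Layer 2 (interface, VLAN ID) pairs that the public system handles."""
    return [(iface, vlan) for iface, vlan in frames
            if iface in L2_IFACES and distribute(Packet(iface, vlan)) == PUBLIC]
```

Running `public_fallthrough` over the (interface, VLAN ID) pairs expected on a trunk shows which of them are governed by public-system policy rather than by a VSYS.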