SRX Services Gateway
SRX Services Gateway

AppID - Preprocessing

‎10-13-2017 02:30 PM

Preprocessing must function before Appid to reorder and reassemble the fragments of each packet in case the signature pattern is splitted over 2 fragments for example and to avoid fragmentation anomalie ....

 

The question here : why do i need preprocessing when TCP can already perform this function ???

3 REPLIES 3
SRX Services Gateway

Re: AppID - Preprocessing

‎10-20-2017 12:53 PM
up
SRX Services Gateway

Re: AppID - Preprocessing

‎10-21-2017 10:08 AM

Without being 100% precise in the defintions I will give it a try :-)

 

for AppID to work the firewall needs to take fragmented packets, keep them in-memory until the entire PDU is received and reassemble them in-memory to figure out which App the packets relates to. 

 

When doing normal L4 firewalling with NAT the reassembly doesn't need to be done on the firewall/router. It just needs to decide if there is a matching session and if NAT-rules needs to be applied. Rreassembly of fragmented packets are handled at the destination where they are handed over to the higher layers in the OSI model.

 

A reference scheme for the Junos flow module can seen below. It's in the services part that the preprocessing and reassembly happens.

 

Picture1.png


--
Best regards,

Jonas Hauge Jensen
Systems Engineer, SEC DATACOM A/S (Denmark)
SRX Services Gateway

Re: AppID - Preprocessing

‎10-25-2017 11:52 PM
If you do not have any L7 services enabled on the FW there will be no reassembly. Re-assembly is only needed if you need to do inspection. That is why pre-processing is necessary if you have App-ID or IDP enabled.

Regards,
Anand