Objects > Packet Broker Profile
The Packet Broker profile defines how the firewall forwards traffic to a security chain, which is a set of inline, third-party security appliances that provides additional security inspection and enforcement. The profile defines the firewall interfaces used to connect to the security chain, the type of security chain (Routed Layer 3 or Layer 1 Transparent Bridge), the first and last appliances in a Layer 3 security chain, session distribution (load balancing) among multiple Layer 3 chains, and health monitoring and actions to take upon a path or HTTP latency failure. You attach a Packet Broker profile to a Packet Broker policy rule. The policy rule defines the traffic to forward to the security chain and the profile defines how to forward that traffic.
Before you can configure a Packet Broker profile, you must dedicate at least two Layer 3 interfaces on the firewall to forward traffic to the security chain.
- Select an interface to use for Packet Broker forwarding.
- Set the Interface Type to Layer3.
- Select Advanced > Other Info.
- Select Network Packet Broker to enable the interface.
- Repeat these steps with another Ethernet interface. If you want more than one dedicated connection (for example, to connect to multiple security chains), configure a pair of Ethernet interfaces for each dedicated connection.
Packet Broker Profile Settings
Give the profile a descriptive name.
Optionally describe the profile settings or purpose.
Security Chain Type
Select the type of security chain to which the firewall forwards decrypted traffic:
(Transparent Bridge mode only) Enable IPv6 traffic forwarding.
Select whether traffic enters the security chain from one firewall interface and exits the security chain to the other firewall interface, or whether traffic can enter and exit the security chain from both firewall interfaces.
The flow direction you select depends on the type of appliances in the security chain. For example, if a security chain has stateless devices that can examine both sides of a session, you could choose a unidirectional flow.
The Network Packet Broker interfaces that the firewall uses to forward traffic to and receive traffic from a security chain. You must configure each interface as a Network Packet Broker interface, as described at the beginning of this help topic.
Security Chains Tab
Configure one or multiple (for load balancing or redundancy) Layer 3 security chains on one pair of Network Packet Broker firewall interfaces. For the Routed (Layer 3) security chain type, you must configure at least one security chain to specify where to forward traffic. For multiple security chains, a switch or other device must handle the routing between the firewall and the chains.
The options on this tab are only available for Layer 3 (routed) security chains.
Enable the security chain.
Give the security chain a descriptive name.
Enter the IPv4 address of the first and last devices in the security chain or define a new Address Object to easily reference the device.
Session Distribution Method
When forwarding to multiple Routed (Layer 3) security chains, choose the method that the firewall uses to distribute sessions among multiple security chains:
Health Monitor Tab
On Health Check Failure
When you enable health checks (Path Monitoring, HTTP Monitoring, or HTTP Monitoring Latency), you also decide what happens if a chain (or all chains if there are multiple chains) fails. If there are multiple chains and one or more chains fail a health check but at least one chain is still healthy, the firewall distributes traffic to the remaining chains based on the Session Distribution Method. If all of the chains associated with a pair of firewall Network Packet Broker interfaces fail, you can:
Health Check Failed Condition
If you configure more than one health check (you can configure all three health checks on a chain), configure how the firewall defines a failure:
Enable path, HTTP latency, or HTTP monitoring, or a combination of the three health checks to identify when security chains experience a failure, and configure the metrics that determine when a failure has occurred: