SonicWALL firewall internal packet flow

I've worked with SonicWALL firewalls for over 10 years in hundreds of different installations. In order to understand how a firewall handles traffic, it helps to know how traffic is treated internally. For example, it helps to know whether the NAT engine is traversed before or after the policy check, in order to configure the NAT policies and the access rules correctly.

Since generation 5, SonicWALL firewalls use Cavium Octeon CPUs and process everything in the CPU. This is both a strength and a weakness of the firewall: it can treat traffic very dynamically, and the handling of traffic can be changed through software updates. However, compared to, for example, an ASIC-based architecture, the performance is usually lower. So there are pros and cons.

The SonicWALL firewall internal packet flow looks like the following:

Packet fragmentation is handled as follows:

The packet capture feature can be helpful for understanding the packet flow. However, in rare cases it can mislead you, because it is not 100% accurate when you are facing bugs in SonicOS: