Chapter 3: Addressing

Interfaces

An Interface is an important logical building block in the SEG. All network traffic that transits through, originates from or is terminated in a security gateway, does so through one or more interfaces.

Source and destination interfaces

An interface can be thought of as a doorway through which network traffic passes to or from the SEG. An SEG interface has one of two functions:

• Source interface: When traffic arrives through an interface, that interface is referred to in the SEG as the source interface (also sometimes known as the receiving or incoming interface).

• Destination interface: When traffic leaves after being checked against the SEG's security policies, the interface used to send the traffic is referred to in the SEG as the destination interface (also sometimes known as the sending interface).

All traffic passing through the SEG has both a source and destination interface. As explained in more depth later, the special logical interface core is used when the SEG itself is the source or destination for traffic.

Interface types

The SEG supports a number of interface types, which can be divided into the following groups:

• Ethernet interfaces: Each Ethernet interface represents a physical Ethernet port on an SEG-based product. All network traffic that originates from or enters a security gateway will pass through one of the physical interfaces.

  The SEG currently supports Ethernet as the only physical interface type.

• Tunnel interfaces: Tunnel interfaces are used when network traffic is being tunneled between the system and another tunnel endpoint in the network before it gets routed to its final destination. An example of a tunnel interface is an IPsec tunnel object, which is described further in IPsec components on page 117.

  To accomplish tunneling, additional headers are added to the traffic that is to be tunneled. Furthermore, various transformations can be applied to the network traffic depending on the type of tunnel interface. For example, when routing traffic over an IPsec interface, the payload is usually encrypted to achieve confidentiality.