1 Overview

Stateful inspection

The SEG employs a technique called stateful inspection, which means that it inspects and forwards traffic on a per-flow basis. The SEG detects when a new flow between a source and destination is being established, and keeps information about the flow over its lifetime. By doing this, the SEG is able to understand the context of network traffic, enabling it to perform a variety of important functions.

The stateful inspection approach additionally provides high throughput performance with the added advantage of a design that is highly scalable. The SEG subsystem that implements stateful inspection is sometimes referred to as the SEG state-engine.

All flows have a specified idle lifetime, after which they are removed from the flow table.

Basic building blocks

From the administrator's viewpoint, the basic SEG building blocks are:

• Interfaces such as physical Ethernet interfaces or logical VPN tunnels.
• Logical objects that are individual logical definitions within the SEG. For example, Address objects can be defined in the Address Book to give logical names to IP and other types of addresses.
• Rule sets that make up the security policies that you want to implement. These include IP rules.

These three types of building blocks are discussed next.

Interfaces

Interfaces are the doorways through which network traffic enters or leaves the security gateway. Without interfaces, an SEG system has no means for receiving or sending traffic.

The following types of interface are supported in the SEG:

• Physical interfaces
These correspond to the actual physical Ethernet interface ports through which traffic arrives and leaves the hardware platform running the SEG.
• Tunnel interfaces
Used for receiving and sending traffic through VPN tunnels. These are treated as logically equivalent to physical interfaces when you configure the SEG. For example, a route in an SEG routing table could specify either a physical or tunnel interface as the destination for a particular network.

The SEG interface design is symmetric, meaning that the interfaces of the device are not fixed as being on the "insecure outside" or "secure inside" of a network topology. The notion of what is inside and outside is completely for you to define.
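The following is an added illustration of the three ideas above working together: a flow table keyed on the 5-tuple (stateful inspection with an idle lifetime), an address book of named networks, and an ordered IP rule set that refers to interfaces by name, where a VPN tunnel interface is treated exactly like a physical one. It is a self-contained model written for this page, not SEG code or its configuration syntax; the interface names ("lan", "wan", "vpn"), the address-book objects, the rules and the packet sequence are all constructed for the example, and the default behaviour when no rule matches is assumed to be drop.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# A flow is identified by its 5-tuple; the reversed tuple identifies return traffic.
FlowKey = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Packet:
    in_iface: str      # interface the packet arrived on; physical and tunnel treated alike
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def key(self) -> FlowKey:
        return (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)

    def reverse_key(self) -> FlowKey:
        return (self.proto, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


@dataclass
class Rule:
    action: str                     # "allow" or "drop"
    src_iface: str                  # hypothetical interface name, e.g. "lan", "wan", "vpn"
    src_obj: str                    # address-book object name for the source
    dst_obj: str                    # address-book object name for the destination
    proto: str
    dst_port: Optional[int] = None  # None matches any destination port


@dataclass
class Flow:
    in_iface: str       # interface the initiating packet arrived on
    last_seen: float    # timestamp of the most recent packet in either direction
    packets: int = 0


class StateEngine:
    """Toy state-engine: first packet of a flow is checked against the rules,
    later packets (both directions) are forwarded on flow state alone."""

    def __init__(self, address_book: Dict[str, str], rules: List[Rule], idle_lifetime: float):
        self.address_book = {name: ipaddress.ip_network(net) for name, net in address_book.items()}
        self.rules = rules
        self.idle_lifetime = idle_lifetime
        self.flows: Dict[FlowKey, Flow] = {}

    def expire(self, now: float) -> int:
        """Remove flows idle longer than the configured lifetime; returns how many went."""
        stale = [k for k, f in self.flows.items() if now - f.last_seen > self.idle_lifetime]
        for k in stale:
            del self.flows[k]
        return len(stale)

    def _rule_matches(self, rule: Rule, pkt: Packet) -> bool:
        return (rule.src_iface == pkt.in_iface
                and rule.proto == pkt.proto
                and ipaddress.ip_address(pkt.src_ip) in self.address_book[rule.src_obj]
                and ipaddress.ip_address(pkt.dst_ip) in self.address_book[rule.dst_obj]
                and (rule.dst_port is None or rule.dst_port == pkt.dst_port))

    def handle(self, pkt: Packet, now: float) -> str:
        """Returns "allow-new", "allow-state" or "drop" for one packet."""
        self.expire(now)
        # Existing flow in either direction: forward without consulting the rule set.
        for key in (pkt.key(), pkt.reverse_key()):
            flow = self.flows.get(key)
            if flow is not None:
                flow.last_seen = now
                flow.packets += 1
                return "allow-state"
        # New flow: first matching rule decides; no match means drop (assumed default).
        for rule in self.rules:
            if self._rule_matches(rule, pkt):
                if rule.action != "allow":
                    return "drop"
                self.flows[pkt.key()] = Flow(pkt.in_iface, now, 1)
                return "allow-new"
        return "drop"

    def flow_count(self) -> int:
        return len(self.flows)


def run_scenario() -> Tuple[List[str], int]:
    """Constructed packet sequence; returns the per-packet decisions and final flow count."""
    address_book = {"lan_net": "192.168.1.0/24", "vpn_net": "10.8.0.0/24", "all_nets": "0.0.0.0/0"}
    rules = [
        Rule("allow", "lan", "lan_net", "all_nets", "tcp", 443),  # LAN clients may start HTTPS
        Rule("allow", "vpn", "vpn_net", "lan_net", "tcp", 22),    # tunnel peers may start SSH to LAN
    ]
    engine = StateEngine(address_book, rules, idle_lifetime=300.0)
    packets = [
        (0.0,   Packet("lan", "tcp", "192.168.1.10", 40000, "203.0.113.5", 443)),   # new HTTPS flow
        (1.0,   Packet("wan", "tcp", "203.0.113.5", 443, "192.168.1.10", 40000)),   # its reply
        (2.0,   Packet("wan", "tcp", "203.0.113.5", 443, "192.168.1.10", 40001)),   # unsolicited
        (3.0,   Packet("vpn", "tcp", "10.8.0.5", 51000, "192.168.1.10", 22)),       # via tunnel
        (400.0, Packet("wan", "tcp", "203.0.113.5", 443, "192.168.1.10", 40000)),   # after idle expiry
    ]
    decisions = [engine.handle(pkt, t) for t, pkt in packets]
    return decisions, engine.flow_count()
```

The fifth packet is the interesting one: it is a valid reply to the first flow, but arrives after the 300-second idle lifetime, so the flow has already been dropped from the table and the packet is treated as unsolicited. Note also that the rule for "vpn" is written no differently from the rule for "lan", which is what the symmetric interface design amounts to in practice.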