Follow the network activity by clicking on each number
This diagram represents the logical network protected by the AppSafe 3500, SecureWatch integrated reporting, the Check Point Firewall, and the Check Point Management Station. The TopFlow protocol sends data to the management station and can be collected for all AS 3500s within the network.
| 1 |
A combination of legitimate and suspicious or malicious traffic enters the network through the edge router. [Back to diagram]
|
| 2 |
The AS 3500 classifies the connection setup attributes and determines whether or not the connection should be allowed to pass through to the server. [Back to diagram]
|
| 3 |
Suspect traffic is discarded and telemetry detailing the Layer 3-7 properties of the flow. The data are issued in the form of Top Layer's TopFlow Data Protocol to the SecureWatch server.[Back to diagram]
|
| 4 |
Normal flows, or flows requiring additional content inspection are passed to the firewall for analysis.
[Back to diagram]
|
| 5 |
The SecureWatch server captures the TopFlow data and prepares it for storage. The OPSEC Certified solution incorporates the filtering of security events as reported through the TopFlow Data Protocol and transforms the data into a compliant ELA format. Optional additional outputs include Microsoft Access and SQL Server 2000 DBMS and Syslog. [Back to diagram]
|
| 6 |
Using the ELA interface, SecureWatch transmits the DDoS event telemetry to the Check Point Management Console, in real time, for storage in the event log. [Back to diagram]
|
| 7 |
The Check Point Firewall sends data about detected intrusions or offending content to the Check Point Management console for storage in the event log. [Back to diagram]
|
|
