Network security device

Abstract

Operations of a security device are provided herein. The operations may include receiving, via a first network interface, a network packet, and evaluating attributes of the received network packet against a ruleset to identify a first rule match, wherein the attributes comprise an identifier of the first network interface, a source address, and a destination address. The operations may further include comparing the attributes of the received network packet against a table listing one or more network devices associated with the first network interface or a second network interface. The operations may further include switching the attributes of the received network packet by changing the identifier of the first network interface to an identifier of the second network interface and swapping the source address and the destination address, and evaluating the switched attributes of the received network packet against the ruleset to identify a second rule match. The switched attributes of the received network packet may be compared against the table, and one of the first rule match or the second rule match may be selected based on the comparisons of the network packet attributes and the switched network packet attributes against the table. The received network packet may be processed according to the selected one of the first rule match or the second rule match.