Here is an overview of the packet flow :
* When a packet enters the ingress interface and it is handled by the LINA engine
* The packet is inspected by the Snort engine, if configured to do so; this can include SI, IPS, AMP, URL filtering among other inspections.
* The Snort engine returns a verdict for the packet
* It’s important to note that the Snort engine does not drop anything, but instead marks the packet drop or forward, based on the snort verdict.
Lina does the process of layer 2, routing, NAT, VPN, PreFilter, and layer 3-4 access control policy rules before the snort process takes over the analysis. The Lina code takes over again after the default action of the ACP and again does layer 2, routing, NAT, VPN, etc.
