Quote:
Originally Posted by jggimi
Code:
match in on $internal_nic scrub (no-df random-id)
match in on $external_nic scrub (reassemble tcp)
jggimi,
The context being a firewall with an inside and an outside interface, with regard to matching and fixing-up the packets on an inbound flow vs. an outbound flow, is fixing-up the RANDOM-ID on INBOUND on the INSIDE interface, as your match rules exemplify, preferred to fixing it up on the OUTBOUND transit on the OUTSIDE interface? Or does it matter?
Thanks,
/Scott