When forwarding a TCP, UDP, or ICMP packet, the firewall needs to query the session table in order to determine the connection to which the packet belongs and take corresponding measures.
Huawei firewalls are stateful devices. This means they do not evaluate each packet in isolation against static rules; instead, they track communications as sessions and handle subsequent packets based on the session state. When the first packet of a flow arrives, the firewall matches it against the security policy, performs checks (and NAT if configured), and, if the packet is allowed, creates a session entry in the session table. That entry records key information such as source/destination IP addresses, protocol, ports or identifiers, zones, NAT translation information, timeout values, and the current state.
After the session is created, later packets of the same TCP/UDP flow, or related ICMP traffic, are forwarded efficiently by querying the session table first. If a matching session exists and the state is valid, the firewall applies the corresponding actions (permit/deny, NAT mapping, logging, QoS, inspection) without repeating the full policy lookup each time. If no session matches, the firewall treats the packet as a new flow and re-evaluates it against policies. Therefore, the statement is true.
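The lookup order described above, as an added example that is not from the original page and is not Huawei's implementation: a minimal session table in which a miss falls through to the policy match and a hit skips it. The class and function names, the policy entries, the aging times, and the addresses are all constructed assumptions; NAT and TCP state tracking are left out.

```python
from dataclasses import dataclass

# Constructed policy: permitted (src_zone, dst_zone, proto, dst_port); ICMP has no port.
POLICY = {("trust", "untrust", "tcp", 443), ("trust", "untrust", "icmp", None)}
AGING = {"tcp": 600, "udp": 120, "icmp": 20}  # assumed aging times, in seconds

@dataclass
class Session:
    zones: tuple
    expires: float

class StatefulFirewall:
    def __init__(self):
        self.sessions = {}       # forward-direction flow key -> Session
        self.policy_lookups = 0  # how often the full policy match ran

    def _lookup(self, proto, src, sport, dst, dport, now):
        # Try the packet as forward traffic, then as reply traffic (endpoints swapped).
        for key in ((proto, src, sport, dst, dport), (proto, dst, dport, src, sport)):
            entry = self.sessions.get(key)
            if entry and entry.expires > now:
                return entry
            self.sessions.pop(key, None)  # drop an aged-out entry
        return None

    def forward(self, pkt, now):
        # For ICMP, sport and dport both carry the echo identifier.
        proto, src, sport, dst, dport, src_zone, dst_zone = pkt
        entry = self._lookup(proto, src, sport, dst, dport, now)
        if entry:
            entry.expires = now + AGING[proto]  # refresh on every hit
            return "session-hit"
        # No session: treat as the first packet of a new flow.
        self.policy_lookups += 1
        port = None if proto == "icmp" else dport
        if (src_zone, dst_zone, proto, port) not in POLICY:
            return "deny"
        self.sessions[(proto, src, sport, dst, dport)] = Session(
            (src_zone, dst_zone), now + AGING[proto])
        return "session-created"

if __name__ == "__main__":
    fw = StatefulFirewall()
    out = ("tcp", "10.0.0.5", 40000, "203.0.113.9", 443, "trust", "untrust")
    back = ("tcp", "203.0.113.9", 443, "10.0.0.5", 40000, "untrust", "trust")
    for t, p in ((0, back), (1, out), (2, back), (3, out), (700, back)):
        print(t, fw.forward(p, t))
```

The same inbound packet is denied before the session exists, forwarded while it is live, and denied again once the entry has aged out, which is the behavior that distinguishes a stateful device from a static packet filter.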