Regardless of the brand and model of the device in use, NOVAXE® relies on an abstract firewall model that fits most physical devices.
NOVAXE® models a firewall as a device with several interfaces, referred to here as zones. Each zone carries a name and is either internal or external with respect to the perimeter on which the firewall sits. A DMZ may be treated as either internal or external depending on specific needs. Internal and external typically refer to the local area network, but it is ultimately up to the firewall owner to decide what counts as internal (and with respect to what) and what does not.
A data packet typically passes through the firewall by entering through one zone (the source zone) and leaving through another (the destination zone, which is normally different from the source).
A zone vector is a pair of zones (source and destination) and defines a flow of packets that passes through the firewall. This vector is said to be:
Internal: Both source and destination zones are internal.
Outbound: Source zone is internal, destination zone is external.
Inbound: Source zone is external, destination zone is internal.
External: Both source and destination zones are external.
Once these four primary zone vectors are defined, all traffic can be partitioned among them, because every packet belongs to one and only one of them. Further zone vectors (for example a particular source/destination zone pair) can nevertheless be defined where they are of interest.
A traffic event logged by the firewall is a sequence of one or more packets (depending on the protocol) and constitutes the basic unit with respect to which traffic is measured. For example, the firewall logs one entry for a whole TCP session, but also one for a single UDP packet. Every traffic event, regardless of protocol, has a source and destination address and a source and destination port; all four parameters are mandatory.
Some firewalls do not support this abstraction: Checkpoint FW-1, for instance, simply logs source and destination addresses without binding them to an interface. In this case NOVAXE® lets the administrator define a table that maps dummy interfaces to their subnet and state (trusted/untrusted), so that each logged address can still be assigned to a zone.
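The zone model described above (zones, the four primary zone vectors into which every event falls, and the subnet table used for devices such as Checkpoint FW-1 that log only addresses) can be illustrated with the following Python. This is an added example, not NOVAXE® code: the zone names, subnets and log records are constructed for the illustration and do not reflect any real NOVAXE® configuration or log format.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable


@dataclass(frozen=True)
class Zone:
    """A firewall interface in the abstract model: a name plus its position
    relative to the perimeter (internal or external)."""
    name: str
    internal: bool  # True = inside the perimeter; a DMZ may be labeled either way


PRIMARY_VECTORS = ("internal", "outbound", "inbound", "external")


def zone_vector(src: Zone, dst: Zone) -> str:
    """Map a (source zone, destination zone) pair to its primary zone vector.
    Exactly one branch applies, so every packet lands in exactly one vector."""
    if src.internal and dst.internal:
        return "internal"
    if src.internal:
        return "outbound"
    if dst.internal:
        return "inbound"
    return "external"


@dataclass(frozen=True)
class TrafficEvent:
    """One logged traffic event (a TCP session, a single UDP packet, ...).
    Addresses and ports are mandatory; zones are the interfaces it crossed."""
    protocol: str
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int
    src_zone: Zone
    dst_zone: Zone


# Hypothetical zone table for a device that logs addresses only (no interface
# binding): each entry is a subnet bound to a dummy interface and its state.
# Subnets and names are constructed for this example.
ZONE_TABLE = [
    (ip_network("10.0.0.0/8"), Zone("lan", internal=True)),
    (ip_network("10.20.0.0/16"), Zone("servers", internal=True)),
    (ip_network("172.16.5.0/24"), Zone("dmz", internal=False)),
]
DEFAULT_ZONE = Zone("outside", internal=False)  # anything not in the table


def zone_for_address(addr: str, table=ZONE_TABLE, default=DEFAULT_ZONE) -> Zone:
    """Assign an address to a zone by longest-prefix match over the table."""
    ip = ip_address(addr)
    best = None
    for net, zone in table:
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, zone)
    return best[1] if best else default


def event_from_addresses(protocol, src_addr, src_port, dst_addr, dst_port,
                         table=ZONE_TABLE, default=DEFAULT_ZONE) -> TrafficEvent:
    """Build an event from an interface-less log record by looking up zones."""
    return TrafficEvent(protocol, src_addr, src_port, dst_addr, dst_port,
                        zone_for_address(src_addr, table, default),
                        zone_for_address(dst_addr, table, default))


def partition(events: Iterable[TrafficEvent]) -> dict:
    """Count events per primary zone vector. The counts always sum to the
    number of events, since each event belongs to exactly one vector."""
    counts = {v: 0 for v in PRIMARY_VECTORS}
    for ev in events:
        counts[zone_vector(ev.src_zone, ev.dst_zone)] += 1
    return counts


# Constructed sample records in the form (protocol, src, sport, dst, dport).
SAMPLE_RECORDS = [
    ("tcp", "10.1.2.3", 51000, "203.0.113.7", 443),     # lan -> outside
    ("tcp", "198.51.100.9", 40000, "172.16.5.10", 80),  # outside -> dmz
    ("udp", "10.1.2.3", 5353, "10.20.1.5", 53),         # lan -> servers
    ("tcp", "172.16.5.10", 33000, "10.20.1.5", 5432),   # dmz -> servers
]
SAMPLE_EVENTS = [event_from_addresses(*r) for r in SAMPLE_RECORDS]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.protocol} {ev.src_addr}:{ev.src_port} -> "
              f"{ev.dst_addr}:{ev.dst_port}  {ev.src_zone.name}->{ev.dst_zone.name}  "
              f"{zone_vector(ev.src_zone, ev.dst_zone)}")
    print(partition(SAMPLE_EVENTS))
```

Note how the second record (outside to dmz) is classified as external because the dmz zone was labeled external in the table; labeling it internal instead would turn the same record into inbound traffic. The longest-prefix match also matters: 10.20.1.5 falls in both 10.0.0.0/8 and 10.20.0.0/16, and is assigned to the more specific "servers" zone.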