Protector Plus supports two enforcement topologies that define how the GenAI application routes prompts, where policy evaluation happens, and whether violations can prevent requests from reaching the LLM.
The gateway component shown in the diagrams below is a reference LLM gateway — any compatible gateway can be used in its place.
Gateway-first (non-blocking)
The GenAI application sends prompts to an LLM gateway, which forwards them concurrently to the LLM and to the GenAI Firewall for evaluation. The firewall returns findings alongside the LLM response; the application interprets findings and decides whether to allow, suppress, log, or alert.
Non-blocking by design — the application retains the final allow/deny decision.
Forwarding mode (firewall-first, blocking)
The GenAI Firewall sits inline as an enforcing gate. Prompts that pass policy checks are forwarded to the gateway and on to the LLM; violating prompts are blocked and never reach the model.
Forwarding mode is the recommended topology for production deployments under strict policy enforcement.
Non-forwarding mode (firewall-first, app-decides)
The firewall receives the prompt first and evaluates it, but does not forward to the LLM. It returns a risk score to the application; the application makes the final allow/deny decision and, if proceeding, calls the LLM directly through its own gateway.
Decision matrix
Per-application security profiles
In Forwarding and Non-forwarding modes, every request reaches the firewall directly so per-application security profiles work out of the box.
In Gateway-first mode, per-application profiles require the gateway to propagate a unique application identifier with each request. Without it, Protector Plus applies the default profile.