Well, egress and ingress are relatively simple networking terms. Let's understand them with the help of an example.
Egress traffic is network traffic that begins inside a private network and proceeds through its routers to a destination outside that network, i.e., on the public network/internet.
For example, consider a flight leaving the local airport for another country and landing at an international airport. The plane has to take off from the local runway at the local airport, then after the flight it lands only at its designated ramp, and only then can the passengers head wherever they are going from that location.
Similarly, an email can be considered egress traffic if it travels from a user's workstation and passes through the enterprise's LAN routers, i.e., exits the private network, before it is delivered over the public internet to its final destination.
If the email is sent from the private network out to the public network/internet, the public server/endpoint responds to that request using the port number that was defined when the email connection was initiated, and the firewall allows that response through because it is aware of the initiated session based on that port number. As shown below.
Ingress traffic is network traffic whose source lies on the public internet, i.e., in an external network, and which is sent to a destination node in the private network. It is not the response to a request initiated by an inside system.
For example, consider an international flight arriving at the local airport. The flight would come in over the local runway, then finally land at a designated ramp, and only after that can the passengers head wherever they are going from that location.
Similarly, an email can be considered ingress traffic if it comes from an external source, i.e., the public internet, enters the LAN, and finally reaches the recipient's inbox.
In this case, when the email is coming from an external source, firewalls are designed to decline the request unless a specific configuration and policy allows ingress connections. As shown below.
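To make the two firewall behaviours above concrete (replies to an egress session are allowed back in; unsolicited ingress is dropped unless a policy opens it), here is a toy stateful packet filter. This is an added example, not code from the original article. It assumes a private LAN of 10.0.0.0/8, uses constructed documentation addresses (203.0.113.10 as an external mail relay, 198.51.100.7 as an unrelated outside host, 10.0.0.20 as an internal mail server), and tracks a session as the exact 4-tuple of the outbound packet; a real firewall also tracks protocol, TCP state and timeouts.

```python
"""Toy stateful packet filter illustrating egress vs. ingress handling.

Added example (not from the original article). The addresses, ports and the
'10.x.x.x is private' rule are constructed assumptions for the demo.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str    # source IP
    sport: int  # source port
    dst: str    # destination IP
    dport: int  # destination port


def is_private(ip: str) -> bool:
    """Assumption for the demo: the private LAN is 10.0.0.0/8."""
    return ip.startswith("10.")


class StatefulFirewall:
    """Tracks sessions opened from inside so only their replies get back in."""

    def __init__(self, ingress_allow=()):
        # Explicit ingress policy: (inside IP, port) pairs the admin has opened.
        self.ingress_allow = set(ingress_allow)
        # Connection table keyed on the 4-tuple of the initiating egress packet.
        self.sessions = set()

    def filter(self, pkt: Packet) -> str:
        egress = is_private(pkt.src) and not is_private(pkt.dst)
        ingress = not is_private(pkt.src) and is_private(pkt.dst)

        if egress:
            # Outbound: record the session so the reply can be matched later.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW egress (session recorded)"

        if ingress:
            # A reply to a session we opened carries our 4-tuple, reversed.
            if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
                return "ALLOW ingress (reply to established session)"
            # Otherwise only an explicit policy lets unsolicited traffic in.
            if (pkt.dst, pkt.dport) in self.ingress_allow:
                return "ALLOW ingress (explicit policy)"
            return "DROP ingress (unsolicited)"

        return "ALLOW (not crossing the perimeter)"


def demo(open_mail_server: bool = False) -> list:
    """Run the article's two scenarios; returns the verdict for each packet."""
    ws, relay = "10.0.0.5", "203.0.113.10"        # constructed addresses
    stranger, mailsrv = "198.51.100.7", "10.0.0.20"
    policy = [(mailsrv, 25)] if open_mail_server else []
    fw = StatefulFirewall(ingress_allow=policy)
    packets = [
        Packet(ws, 51000, relay, 25),          # workstation submits mail: egress
        Packet(relay, 25, ws, 51000),          # relay's reply: ingress, but expected
        Packet(stranger, 40000, mailsrv, 25),  # unsolicited inbound SMTP: ingress
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print("--- with an explicit ingress rule for the mail server ---")
    for verdict in demo(open_mail_server=True):
        print(verdict)
```

Running `demo()` shows the reply from the relay being admitted purely because the workstation opened the session first, while the unrelated inbound SMTP packet is dropped; `demo(open_mail_server=True)` shows the same packet admitted once an explicit ingress policy for the mail server exists. Note that a reply arriving on a port other than the one recorded in the session table is treated as unsolicited, which is exactly the port-matching behaviour the article describes.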