The fastPCRF server actually acts as an authentication server (L3 BRAS) for the fastDPI: for outgoing client traffic fastPCRF requests the Radius server for the client authentication, policing profile (analogue of the tariff plan) and service profiles. CoA (Change of Authorization) alerts are also supported - notification of the Radius server about changes in the user settings (balance exhaustion, policing changes, etc.)

When you start the Stingray Service Gateway (SSG), the authorization state of all the users is set to “unknown”. Previously stored in the fastDPI internal base (UDR) user settings are applied according to this state. When an outgoing packet is received from a local IP address, the SSG analyzes the authorization state and if it is unknown the SSG sends an authorization request to the fastPCRF server. Essentially, this is an Access-Request Radius request.
When the Radius server reply is received, the fastPCRF sends user properties to the fastDPI, which in turn set the authorization status either to “authorized” (Accept-Accept) or “unauthorized” (Accept-Reject) state.