stateful &statelees firewall

Unanswered Question
Oct 30th, 2009
User Badges:

i m little confuse need your help.Stateful firewall in which state create whn packet comes from lower interface to higher interface it first check stateful if connection there packet allow if not pakect deny

stateless no connection table create

then which thing allow lower interface packet to come higher interface packet in stateless firewall?

which thing create connection table

is it access-list or global group policy?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Vusal Salmanli Mon, 11/02/2009 - 12:07
User Badges:


"Packet-filtering(stateless) firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiate Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header. Packet filtering is generally accomplished using Access Control Lists (ACL) on routers or switches and are normally very fast, especially when performed in an Application Specific Integrated Circuit (ASIC). As traffic enters or exits an interface, ACLs are used to match selected criteria and either permit or deny individual packets."


Jon Marshall Tue, 11/03/2009 - 04:20
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


With a stateless firewall it is purely down to the access-list applied to the incoming interface, although to call it a firewall is stretching the point somewhat.

The important thing to remember is that if the device is stateless each individual packet is treated in isolation, ie it is not seen as part of a connection, it is simply seen as an individual packet with a src/dst IP, src/dst port etc. and it is checked in isolation against the acl.



This Discussion