10-30-2009 04:53 AM - edited 03-11-2019 09:34 AM
I'm a little confused and need your help. In a stateful firewall, a state is created when a packet comes from the lower interface to the higher interface; it first checks the state, and if the connection is there the packet is allowed, if not the packet is denied.
A stateless firewall creates no connection table.
Then what allows a packet from the lower interface to reach the higher interface in a stateless firewall?
What creates the connection table?
Is it the access-list or the global group policy?
10-30-2009 10:00 AM
Please check the details on how a stateless firewall works at this link, under the heading "II. MATCHING AND MAINTAINING BI-DIRECTIONAL FLOW STATE: STATEFUL FIREWALL"
http://www.ecsl.cs.sunysb.edu/tr/packet_analysis_final.pdf
I hope this helps.
11-02-2009 12:07 PM
Hi,
"Packet-filtering (stateless) firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiated Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header. Packet filtering is generally accomplished using Access Control Lists (ACLs) on routers or switches and is normally very fast, especially when performed in an Application Specific Integrated Circuit (ASIC). As traffic enters or exits an interface, ACLs are used to match selected criteria and either permit or deny individual packets."
Vusal
11-03-2009 04:20 AM
Faizan
With a stateless firewall it is purely down to the access-list applied to the incoming interface, although to call it a firewall is stretching the point somewhat.
The important thing to remember is that if the device is stateless, each individual packet is treated in isolation, i.e. it is not seen as part of a connection; it is simply seen as an individual packet with a src/dst IP, src/dst port, etc., and it is checked in isolation against the ACL.
Jon
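The difference discussed in this thread, as an added example that is not part of any poster's reply and not any vendor's implementation: a simplified Python model in which the same ACL feeds a stateless filter and a stateful firewall. The interface names, the ACL entry, the addresses and the rule that inside-originated traffic is unfiltered are all assumptions made for the illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "in_if src sport dst dport")

# Constructed ACL for the outside (lower) interface: first match wins, implicit deny.
OUTSIDE_ACL = [("permit", "any", "192.0.2.10", 80)]  # (action, src, dst, dport)

def acl_permits(acl, pkt):
    for action, src, dst, dport in acl:
        if src in ("any", pkt.src) and dst in ("any", pkt.dst) and dport in ("any", pkt.dport):
            return action == "permit"
    return False  # implicit deny at the end of the list

class StatelessFilter:
    """Every packet is checked in isolation against the ACL; nothing is remembered."""
    def allow(self, pkt):
        # Assumption: traffic entering the inside (higher) interface is not filtered.
        return pkt.in_if == "inside" or acl_permits(OUTSIDE_ACL, pkt)

class StatefulFirewall:
    """A permitted first packet creates a connection entry; replies match that entry."""
    def __init__(self):
        self.conns = set()

    def allow(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.conns or reverse in self.conns:
            return True  # part of a known connection
        if pkt.in_if == "inside" or acl_permits(OUTSIDE_ACL, pkt):
            self.conns.add(flow)  # the ACL decides; the table records the decision
            return True
        return False

# Constructed sample traffic (documentation address ranges).
PACKETS = [
    Packet("inside", "10.0.0.5", 40000, "198.51.100.7", 443),   # outbound request
    Packet("outside", "198.51.100.7", 443, "10.0.0.5", 40000),  # reply to it
    Packet("outside", "203.0.113.9", 443, "10.0.0.5", 40000),   # unsolicited look-alike
    Packet("outside", "203.0.113.9", 50000, "192.0.2.10", 80),  # matches the ACL permit
]

def verdicts(fw):
    return [fw.allow(p) for p in PACKETS]

if __name__ == "__main__":
    print("stateless:", verdicts(StatelessFilter()))
    print("stateful: ", verdicts(StatefulFirewall()))
```

In this model the stateless filter drops the reply because no ACL entry matches it, while the stateful firewall admits it from the connection entry created by the outbound packet; both drop the unsolicited packet.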