stateful &statelees firewall

Faizan Khursheed · ‎10-30-2009

i m little confuse need your help.Stateful firewall in which state create whn packet comes from lower interface to higher interface it first check stateful if connection there packet allow if not pakect deny

stateless no connection table create

then which thing allow lower interface packet to come higher interface packet in stateless firewall?

which thing create connection table

is it access-list or global group policy?

sokakkar · ‎10-30-2009

Please check the details on stateless firewall working on this link under the heading "II. MATCHING AND MAINTAINING BI-DIRECTIONAL FLOW STATE: STATEFUL FIREWALL"

http://www.ecsl.cs.sunysb.edu/tr/packet_analysis_final.pdf

I hope this helps.

Vusal Salmanli · ‎11-02-2009

Hi,

"Packet-filtering(stateless) firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiate Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header. Packet filtering is generally accomplished using Access Control Lists (ACL) on routers or switches and are normally very fast, especially when performed in an Application Specific Integrated Circuit (ASIC). As traffic enters or exits an interface, ACLs are used to match selected criteria and either permit or deny individual packets."

Vusal

Jon Marshall · ‎11-03-2009

Faizan

With a stateless firewall it is purely down to the access-list applied to the incoming interface, although to call it a firewall is stretching the point somewhat.

The important thing to remember is that if the device is stateless each individual packet is treated in isolation, ie it is not seen as part of a connection, it is simply seen as an individual packet with a src/dst IP, src/dst port etc. and it is checked in isolation against the acl.

Jon