Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

What is concept of statefull firewall?

Please clarify

TIA

5 REPLIES
Silver

Re: What is concept of statefull firewall?

A Firewall in general will filter packets dependant upon Layer 3 specifications. You can permit or block source and Dest IPs. However a Statefull Firewall goes to Layer 3 and above. You can now filter or perform certain tasks dependant upon the state of your traffic flow or your TCP/UDP ports and application you are using. This allows for a more granular filtering ability and if set up correctly can prevent virus' and intrusions, DOS, DDOS attacks along with other preventions. Today all firewalls (at least the ones I know) are statefull firewalls...Please rate...

New Member

Re: What is concept of statefull firewall?

I have done my CCIE secuity written, I am compltely aware of what a statful packet inspection is all about.

I need to know what vendor or product will fulfill the criteria

thanks for your post though

New Member

Re: What is concept of statefull firewall?

Hi,

To have a complete idea about what is stateful firewall it?s very important to understand what differ this technology from others.

Here is the explanation of the three main firewall technologies:

Stateful inspection - Stateful inspection firewalls, also known as stateful packet filters, allow/deny traffic based on source destination and service while maintaining a state table to keep track of existing connections. This ensures that inbound connections are valid replies to outbound requests.

Proxy - Connections are initiated on the firewall on behalf of the requester. Traffic does not pass through a proxy-based firewall but rather is recreated by the firewall, this type of technology works at the application layer.

Packet filtering - Inspects the incoming and outgoing packets and allows/denies traffic based on source, destination, protocol, and service.

New Member

Re: What is concept of statefull firewall?

I have done my CCIE secuity written, I am compltely aware of what a statful packet inspection is all about.

I need to know what vendor or product will fulfill the criteria

thanks for your post though

Re: What is concept of statefull firewall?

Probably 95% of all vendor firewalls are stateful by now.

The trend is more going in direction of more application awareness as IDS/IPS features up to layer 7.

Sateful firewalls:

- Cisco: PIX, FWSM, IOS FW

- CheckPoint: NGX

- Junipers FW

- Astaro, Watchguard,

sincerely

Patrick

360
Views
0
Helpful
5
Replies
CreatePlease login to create content