Stateful Firewall

• Does not examine packets in isolation

  • Examines each packet to see if it is part of an ongoing conversation
  • Catches errors that packet filter firewalls cannot
    • Refuses a TCP acknowledgement if an internal host has not opened a connection to that host
  • Usually does not examine a packet in detail if the packet is part of an ongoing conversation
    • This can miss attack packets

Beyond what is

In the book

Previous slide

Next slide

Back to first slide

View graphic version