Stateful Firewall
Does not examine packets in isolation
- Examines each packet to see if it is part of an ongoing conversation
- Catches errors that packet filter firewalls cannot
- Refuses a TCP acknowledgement if an internal host has not opened a connection to that host
- Usually does not examine a packet in detail if the packet is part of an ongoing conversation
- This can miss attack packets