Firewall Stateful Packet Filtering Tutorial

3rd generation hardware firewalls maintain records of all connections passing through the firewall, a technique known as stateful packet inspection. This lets them determine whether a packet is the start of a new connection, part of an existing connection, or an invalid packet.

This means that if a host on the internal network requests traffic from the internet, the firewall will allow the reply traffic back in, because it was requested. Traffic initiated from the outside world, however, will not be allowed unless a host on the internal network has requested it or a firewall rule has been specifically set up to permit it.

Stateful packet inspection works by having the firewall maintain a state table of all connections initiated from the internal LAN. For example, it will only allow a TCP packet from the outside world if it is a response to an outgoing request. When an incoming packet is received, the firewall checks its ACL and its state table to see whether the packet belongs to an existing connection; if it does, the packet is allowed through to its destination. The information recorded in the state table comes from the network and transport layers: the source and destination IP addresses and the source and destination ports.

Because 3rd generation hardware firewalls retain the ability to filter packets and add the more sophisticated feature of monitoring and updating a dynamic connection state table, they provide a more advanced level of security. However, this requires more processing power, which of course increases the cost of the product as well.

The only packets allowed into the LAN from the internet as the start of a new connection are those specifically permitted by a firewall rule. Such rules are usually configured when a company hosts a web server, FTP server, etc. The rule should be very tightly controlled and allow traffic only to that one specific port and IP address.
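The following is an added example, not code from the original page, showing the decision logic described above in working Python: a toy firewall keeps a state table keyed by the 5-tuple (protocol, source IP, source port, destination IP, destination port), records connections opened from the LAN, lets reply traffic back in only when it matches an entry, classifies packets that claim to continue an unknown connection as invalid, and admits unsolicited inbound connections only where an explicit rule names the exact IP address and port. The LAN range, the published web server, the remote address and the packet sequence are all constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values: the protected LAN and the one published service.
LAN = ip_network("192.168.1.0/24")
INBOUND_RULES = {("tcp", "192.168.1.10", 80)}  # (proto, dst_ip, dst_port)


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP SYN flag: set on the packet that opens a connection
    ack: bool = False  # TCP ACK flag


class StatefulFirewall:
    """Keeps a state table of accepted 5-tuples and filters packets against it."""

    def __init__(self, inbound_rules):
        self.inbound_rules = set(inbound_rules)
        self.state = set()  # 5-tuples of connections the firewall has accepted

    @staticmethod
    def _key(p):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse(p):
        # Same connection seen from the other side (reply direction).
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    @staticmethod
    def _opens_connection(p):
        # A new TCP connection must start with a bare SYN; UDP has no handshake.
        return p.proto == "udp" or (p.syn and not p.ack)

    def filter(self, p):
        # 1. Part of an existing connection, in either direction?
        if self._key(p) in self.state or self._reverse(p) in self.state:
            return "allow-established"
        # 2. Claims to continue a connection the firewall never saw: invalid.
        if not self._opens_connection(p):
            return "drop-invalid"
        # 3. New connection from inside the LAN: record it and let it out.
        if ip_address(p.src_ip) in LAN:
            self.state.add(self._key(p))
            return "allow-new-outbound"
        # 4. New connection from outside: only if an explicit rule permits it.
        if (p.proto, p.dst_ip, p.dst_port) in self.inbound_rules:
            self.state.add(self._key(p))
            return "allow-new-by-rule"
        return "drop-unsolicited"


def run_scenario():
    """Feeds a constructed packet sequence through the firewall and returns
    the verdict for each packet, in order."""
    fw = StatefulFirewall(INBOUND_RULES)
    client, web = "192.168.1.20", "192.168.1.10"
    remote = "203.0.113.5"  # constructed external address
    packets = [
        # LAN client opens a TCP connection to a remote HTTPS server.
        Packet("tcp", client, 40000, remote, 443, syn=True),
        # The SYN/ACK reply belongs to that connection: allowed back in.
        Packet("tcp", remote, 443, client, 40000, syn=True, ack=True),
        # Unsolicited SYN from outside to a LAN host with no rule: dropped.
        Packet("tcp", remote, 50000, client, 22, syn=True),
        # Inbound ACK with no matching state entry: invalid.
        Packet("tcp", remote, 50001, client, 40000, ack=True),
        # Inbound SYN to the published web server: allowed by the explicit rule.
        Packet("tcp", remote, 50002, web, 80, syn=True),
        # The web server's reply now matches state.
        Packet("tcp", web, 80, remote, 50002, syn=True, ack=True),
        # LAN client sends a UDP DNS query; the reply matches state.
        Packet("udp", client, 5353, remote, 53),
        Packet("udp", remote, 53, client, 5353),
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

Running the scenario yields, in order: allow-new-outbound, allow-established, drop-unsolicited, drop-invalid, allow-new-by-rule, allow-established, allow-new-outbound, allow-established. A production firewall does more than this toy: it also checks TCP sequence numbers and flag transitions, and it times out idle state entries so the table cannot grow without bound, which is part of the extra processing cost the tutorial mentions.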

Implementing stateful packet inspection in firewalls has proven to be an excellent security feature: effective, scalable and transparent to end users.
