Stateful firewall

The most frequently used tool for accomplishing this has been a stateful firewall.

Vulnerabilities exist at network layers, however, that are not visible to a stateful firewall.

You learn the difference between a stateful firewall and NAT first.

Many stateful firewalls are able to track the state of flows in connectionless protocols.

Stateful firewalls maintain context about active sessions, and use that "state information" to speed packet processing.

VPN-1 is a stateful firewall which also filters traffic by inspecting the application layer.

By keeping track of the connection state, stateful firewalls provide added efficiency in terms of packet inspection.

Some stateful firewalls also raise the possibility that individual hosts can be tricked into soliciting outside connections.

This corresponds to the typical setup of a NAT and its stateful firewall functionality.

IPCop is a stateful firewall built on the Linux netfilter framework.

Before the advent of stateful firewalls, a stateless firewall, a firewall that treats each network frame (or packet) in isolation, was normal.

Stateful firewalls solve this problem by maintaining a table of open connections and intelligently associating new connection requests with existing legitimate connections.

Simple packet filtering will allow established connections (packets with the ACK bit set), whereas a more sophisticated stateful firewall might not.

The null scan can often bypass a stateless firewall, but is not useful when a stateful firewall is employed.

IPFilter supports both IPv4 and IPv6 protocols, and is a stateful firewall.

A stateful firewall tracks the state of each logical connection passing through it, and rejects data packets inappropriate for the state of the connection.

NAT relies on this information to translate all related packets in the same way, and iptables can use this information to act as a stateful firewall.

The device may include a stateful firewall, a VPN concentrator, or be an IPSec security gateway.

This combination makes it possible to detect certain attacks that neither the IDS/IPS nor the stateful firewall can catch on their own.

Stateful firewalls, while able to see the beginning and end of a packet flow, cannot catch events on their own that would be out of bounds for a particular application.

The GFX-94 was a stateful firewall with unique dual walled design that consisted of two separate hardware devices comprising the inner and outer firewall.

The userspace daemon conntrackd can be used to enable high availability cluster-based stateful firewalls and collect statistics of the stateful firewall use.

DPI combines the functionality of an intrusion detection system (IDS) and an Intrusion prevention system (IPS) with a traditional stateful firewall.

The term Science DMZ refers to a computer subnetwork that is structured to be secure, but without the performance limits that would otherwise result from passing data through a stateful firewall.

It provided the features of a stateful firewall (meaning that it has the ability to keep information about the sate of connections) and could also configure itself on the fly with uPNP.