Hi all. I am researching firewalls etc, and I was wondering if anyone can tell me the difference between that of a (Static)Packet Filter and a Stateful Packet Filter and what features are included in a stateful packet filter, and why do people use stateful on servers such as webservers over that of a proxy firewall?

Also if possible, as I am having a hard time finding out, why is it that proxy firewalls are generally slower than that of a packet filter, is it because it always inspects right up to the paplication layer ?

If it is that, could you explaint to me why that takes so long in regards to just the transport layer for ports?

Also, in regards to stateful, they inspect upto the application layer too, so why use these? It will just increase the load won't it

Regards

DislexiK

The difference is pretty simple to understand.

Stateful watches for the ACK/SYN process of TCP and static does not.

As for a proxy, it doesn't necessarily have to be slower. It just adds another place your data travels through and if it is slower it will slow your connection down.

Ok thank you, ACK and SYN? do you mean the connection between two hosts that is formed by TCP, so it monitors the connection, and if the packet is not a reply to a request/apart of one of the connections it is dropped?

Regards

DislexiK

Originally posted by DislexiK
Ok thank you, ACK and SYN? do you mean the connection between two hosts that is formed by TCP, so it monitors the connection, and if the packet is not a reply to a request/apart of one of the connections it is dropped?

Regards

DislexiK

Exactly.

Originally posted by LP-Trel
Exactly.

Dont really agree,

Tcp/ip is a protocol -- set of rules telling how those packets should be transferred

Overulehost: He was explaining to me that Stateful uses TCP to its own advantage in regards to packet filtering, not TCP/IP

Regards

DislexiK