A stateful inspection device operates in a manner similar to a packet-filtering firewall in that it also examines the source and destination addresses of every packet that passes its way. However, a packet filter is never aware of the context of any communication. Each packet that passes through it is treated on an individual basis. A firewall that employs stateful inspection techniques attempts to keep track of requests and responses to be sure they match. This type of firewall maintains tables of information about current connections so that it can determine whether incoming packets are unsolicited or whether they are in response to a request that was made by a user on the internal network. Another name sometimes used for this type of firewall is dynamic packet filter . When a connection terminates, the firewall removes the reference from its internal table so that an external source cannot use it to gain entry again. Many proprietary stateful inspection firewall products are on the market today. Study the documentation of this type of product before you make a purchase so that you can fully understand how it operates. |