
Firewall Concepts

Published on February 2020 | Categories: Documents | Downloads: 13 | Comments: 0




1. The purpose of a firewall is to ensure security in communications between internal and external networks. A firewall allows or disallows communication across the firewall in accordance with a predefined security policy.

2. Firewall implementations: There are different implementations of firewalls. Most notable among these are:

   a. A firewall implemented with packet filters works at the Network Layer of the ISO/OSI stack.

   b. A firewall implemented with Application Layer Gateways works at the Application Layer of the ISO/OSI stack.

   c. A firewall implemented with stateful inspection technology (like Checkpoint FireWall-1) works at all layers of the ISO/OSI model.

3. A firewall implemented with stateful inspection technology (FireWall-1 uses stateful inspection) has several advantages over packet filters:

The original shows a comparison table here, rating Packet Filters, Application Layer Gateways and Stateful Inspection against four criteria: Communication Information, Communication Derived State, Application Derived State and Information Manipulation. Apart from a single "Partial" entry, the cell values were not preserved in this copy.
4. The following information is used by FireWall-1's stateful inspection technology:

   a. Communication information from different layers of the TCP/IP stack.

   b. The state derived from previous communications.

   c. The state derived from other applications; for example, a previously authenticated user would be allowed access through the firewall for authorized services only.

Stateful Packet Inspection Firewall:

These firewalls are based on filtering packets at the network level: they examine protocol packet header fields (source IP, destination IP, TCP/UDP source port and TCP/UDP destination port). They are stateful because the firewall remembers prior connection states and continuously updates the state of each connection in its dynamic connection table.

Whenever the firewall receives a SYN packet initiating a TCP connection, that SYN packet is checked against the firewall rulebase. If the packet matches an accept rule it is allowed; otherwise it is denied. If the packet is accepted, the session is entered into the firewall's stateful connection table, which is kept in kernel memory. Every packet that follows (that is, every packet without a SYN) is then compared to the stateful inspection table. If the session is in the table, the packet is part of an existing session and is allowed through the firewall. If it does not match an existing session in the table, it is dropped. This improves performance because not every packet is compared with the rulebase: only SYN packets are checked against the rulebase, while all other packets are compared to the state table in kernel memory, which is very fast.
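The two-path decision described above (SYN packets go to the rulebase, everything else goes to the state table) as an added, self-contained Python simulation. This is illustrative code written for this page, not Check Point's or any vendor's implementation; the rulebase, the addresses and the idle timeout are constructed for the example, and connection teardown is simplified to RST only (a real implementation also tracks the FIN exchange). It also shows the point a packet filter cannot make: a stray ACK that belongs to no recorded session is dropped even though its ports look like an established connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Key of one TCP session in the state table: (src_ip, src_port, dst_ip, dst_port).
Key = Tuple[str, int, str, int]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str]  # subset of {"SYN", "ACK", "FIN", "RST"}


@dataclass(frozen=True)
class Rule:
    src_net: str             # CIDR, e.g. "10.0.0.0/8"
    dst_net: str
    dst_port: Optional[int]  # None matches any destination port
    action: str              # "accept" or "drop"

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


class StatefulFirewall:
    """Rulebase for new connections, state table for everything else."""

    def __init__(self, rulebase: List[Rule], idle_timeout: int = 3600):
        self.rulebase = rulebase
        self.idle_timeout = idle_timeout
        self.state: Dict[Key, int] = {}  # session key -> last-seen time

    @staticmethod
    def _key(pkt: Packet) -> Key:
        return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse(key: Key) -> Key:
        return (key[2], key[3], key[0], key[1])

    def _expire(self, now: int) -> None:
        # Idle sessions are removed so the table cannot grow without bound.
        stale = [k for k, t in self.state.items() if now - t > self.idle_timeout]
        for k in stale:
            del self.state[k]

    def process(self, pkt: Packet, now: int) -> str:
        self._expire(now)
        key = self._key(pkt)
        is_new_connection = "SYN" in pkt.flags and "ACK" not in pkt.flags
        if is_new_connection:
            # Only connection openers are checked against the rulebase;
            # first matching rule wins, and no match means drop.
            for rule in self.rulebase:
                if rule.matches(pkt):
                    if rule.action == "accept":
                        self.state[key] = now
                        return "accept"
                    return "drop"
            return "drop"
        # Non-SYN packets are accepted only if they belong to a recorded
        # session, in either direction (replies match the reversed key).
        for k in (key, self._reverse(key)):
            if k in self.state:
                if "RST" in pkt.flags:
                    del self.state[k]  # simplified teardown
                else:
                    self.state[k] = now
                return "accept"
        return "drop"


# Constructed rulebase: internal hosts may open HTTPS to anywhere, nothing else.
RULEBASE = [Rule("10.0.0.0/8", "0.0.0.0/0", 443, "accept")]


def run_demo() -> List[str]:
    """Walk one session through the firewall; returns the verdict per packet."""
    fw = StatefulFirewall(RULEBASE)
    client, server = ("10.1.1.5", 40000), ("203.0.113.10", 443)
    packets = [
        (Packet(*client, *server, frozenset({"SYN"})), 0),          # new session -> rulebase
        (Packet(*server, *client, frozenset({"SYN", "ACK"})), 1),   # reply -> state table
        (Packet(*client, *server, frozenset({"ACK"})), 2),          # existing session
        (Packet(*server, "10.1.1.5", 50000, frozenset({"ACK"})), 3),  # stray ACK, no session
        (Packet("10.1.1.5", 40001, "203.0.113.10", 22, frozenset({"SYN"})), 4),  # no rule
        (Packet(*client, *server, frozenset({"ACK"})), 5000),       # session idled out
    ]
    return [fw.process(p, t) for p, t in packets]


if __name__ == "__main__":
    print(run_demo())
```

The verdict list is accept, accept, accept, drop, drop, drop: the handshake passes on the strength of a single rulebase lookup, the stray ACK and the disallowed SSH SYN are dropped, and the final ACK is dropped because its session expired from the table.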

Proxy Server Stateful Firewall:

These firewalls filter services at the application level. They terminate the session at their own interface and initiate a separate connection with the internal server, so establishing a session takes a little more time. They are by nature slower in processing because they work at the application layer.

Today there is very little difference between these two firewall technologies, as more and more stateful packet inspection firewall vendors take a hybrid approach that combines both concepts. The main engine of the stateful firewall is implemented to maintain connection states, and features such as virus scanning, URL filtering and Java/ActiveX filtering are superimposed on it to get the best of both worlds.
