Great Circle Associates Firewalls
(October 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Statefull Firewalls
From: Darren Reed <avalon @ coombs . anu . edu . au>
Date: Wed, 23 Oct 1996 22:19:30 +1000 (EST)
To: geoff @ mulligan . com (Geoff Mulligan)
Cc: Kyle_Amon @ jabil . com, firewalls @ GreatCircle . COM, mcmr @ mailhost . net
In-reply-to: <199610161748 . LAA20028 @ future . mulligan . com> from "Geoff Mulligan" at Oct 16, 96 11:48:10 am 
In some mail from Geoff Mulligan, sie said:
> 
> Someone recently said that they didn't know of any firewall that
> maintained state of tcp connections and didn't just rely on the ACK bit
> being set.  
> 
> SunScreen SPF-100 (hardware/stealth version) has since it's first.
[promo deleted]

Ummm, Geoff, if you confine TCP state to just the connection details then
yes, many firewalls can and do this now.

However, does SunScreen maintain state correctly for the applications using
the TCP stream too ?  i.e. will it correctly handle an FTP "PORT" command,
no matter if I send it in 1 packet or 50 ?

Darren
References:
Indexed By Date Previous: Firewall feature matrix
From: "Richard.Ford" <Richard . Ford @ fujitsu . com . au>
Next: Re: SecurID algorithm???
From: dvv @ sprint . net (Dima Volodin)
Indexed By Thread Previous: Re: Statefull Firewalls
From: Geoff Mulligan <geoff @ mulligan . com>
Next: Re: Statefull Firewalls
From: Geoff Mulligan <geoff @ mulligan . com>
Google
 
Search Internet Search www.greatcircle.com