Great Circle Associates Firewalls
(October 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Statefull Firewalls
From: Geoff Mulligan <geoff @ mulligan . com>
Date: Wed, 23 Oct 1996 09:41:37 -0600
To: Darren Reed <avalon @ coombs . anu . edu . au>
Cc: Kyle_Amon @ jabil . com, firewalls @ GreatCircle . COM, mcmr @ mailhost . net
In-reply-to: Your message of "Wed, 23 Oct 1996 22:19:30 +1000." <199610231219 . GAA04883 @ grab> 
> In some mail from Geoff Mulligan, sie said:
> > 
> > Someone recently said that they didn't know of any firewall that
> > maintained state of tcp connections and didn't just rely on the ACK bit
> > being set.  
> > 
> > SunScreen SPF-100 (hardware/stealth version) has since it's first.
> [promo deleted]
> 
> Ummm, Geoff, if you confine TCP state to just the connection details then
> yes, many firewalls can and do this now.
> 
> However, does SunScreen maintain state correctly for the applications using
> the TCP stream too ?  i.e. will it correctly handle an FTP "PORT" command,
> no matter if I send it in 1 packet or 50 ?

Yes it will.

	geoff
Indexed By Date Previous: Re: SecurID algorithm???
From: Todd Graham Lewis <lists @ reflections . mindspring . com>
Next: Re: Firewall-1 Intra-net Security
From: Habeeb Qadri <habeeb @ Synopsys . COM>
Indexed By Thread Previous: Re: Statefull Firewalls
From: Darren Reed <avalon @ coombs . anu . edu . au>
Next: Reserved bit in IP flags
From: Cy Ardoin <ardoin @ cycon . com>
Google
 
Search Internet Search www.greatcircle.com