|
Subject: |
Stateful packet filtering |
|
From: |
manuel .
ricca @
pararede .
pt |
|
Date: |
14 Jul 97 12:35:19 +0000 |
|
To: |
firewalls @
GreatCircle .
com (Non Receipt Notification Requested) |
|
Alternate-recipient: |
Prohibited |
|
Autoforwarded: |
FALSE |
|
Conversion: |
Allowed |
|
Conversion-with-loss: |
Allowed |
|
Delivery-date: |
14 Jul 97 12:35:29 +0000 |
|
Importance: |
normal |
|
Message-type: |
Multiple Part |
|
Original-encoded-information-types: |
Teletex |
|
X400-content-type: |
P2-1988 |
|
X400-mts-identifier: |
[/PRMD=pararede/ADMD=ip/C=pt;ISOCOR-33b5f67d-Tubarao] |
|
X400-originator: |
manuel .
ricca @
pararede .
pt |
|
X400-received: |
by /PRMD=pararede/ADMD=ip/C=pt; Relayed; 14 Jul 97 12:35:19 +0000 |
|
X400-recipients: |
firewalls @
GreatCircle .
com |
I heard that one of the features in Firewall-1 is stateful packet filtering, and that this allows the firewall to analyze packets all the way
to the application level. Does this mean that it actually keeps information on packets in order to reassemble them until the application layer?
If this is true, what's the advantage on keeping it a packet-filter firewall instead of a 'transparent proxy' one (by combining circuit-level techniques,
they could build transparent proxies)? It would be a lot easier to configure, and it wouldn't loose any functionality. Or am I missing something here?
TIA,
.M
------------
Manuel Ricca (manuel .
ricca @
pararede .
pt)
ParaRede - Tecnologias de Comunicação, S.A.
Tel: +351 1 3020451
Fax: +351 1 3020444
|
|
