I've been wondering this for a while, but just haven't gotten around to
asking anyone yet:
Checkpoint's Firewall-1 has a feature known as "stateful inspection" which
they tout as the end-all and be-all of packet-filtering and inspection.
Anyone had any experience in using this feature or have any thoughts
regarding stateful inspection? How large of a performance impact is there
when stateful inspection is enabled? Are the gains worth the added load?
Hope this spurs some interesting discussion.
^ Habeeb J. Dihu
-' `- Managing Senior Technologist
" ' ` " Cirrus Technologies
" ' ` "
" ' . ` "
" ' .' ` ` " 'I don't believe in the no-win scenario'
" ` ' `' " -- Captain James T. Kirk, Star Trek II: TWK
` ' _ _ ' 'There is an old Vulcan proverb, `Only Nixon
' could go to China.`'
-- Captain Spock, Star Trek VI: TUC