Firewalls: Stateful Inspection Anyone?

Firewalls
(January 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Stateful Inspection Anyone?
From:	MacGyver <macgyver @ tos . net>
Date:	Tue, 06 Jan 1998 10:54:53 -0600
To:	Firewalls Mailing List <firewalls @ greatcircle . com>

Hi folks,

I've been wondering this for a while, but just haven't gotten around to
asking anyone yet:

Checkpoint's Firewall-1 has a feature known as "stateful inspection" which
they tout as the end-all and be-all of packet-filtering and inspection.
Anyone had any experience in using this feature or have any thoughts
regarding stateful inspection?  How large of a performance impact is there
when stateful inspection is enabled?  Are the gains worth the added load?

Hope this spurs some interesting discussion.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        ^               Habeeb J. Dihu
     -'   `-            Managing Senior Technologist
   " '     ` "          Cirrus Technologies
 "  '       `  "        
"  '      .  `  "                  
"  '    .' ` `  "       'I don't believe in the no-win scenario'
 " `   '    `' "           -- Captain James T. Kirk,  Star Trek II: TWK
   `  ' _  _ '          'There is an old Vulcan proverb, `Only Nixon
    '                    could go to China.`'
                           -- Captain Spock, Star Trek VI: TUC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Indexed By Date	Previous:	Re: Bank Security From: MacGyver <macgyver @ tos . net>
Indexed By Date	Next:	Re: NT Web proxy server From: Ming Lu <mlu @ hq . si . net>
Indexed By Thread	Previous:	Re: Wannabe needs a good book From: Sick Puppy <sikpuppy @ maestro . maestro . com>
Indexed By Thread	Next:	E-mail Encryption From: "Grigorof, Adrian" <agrigoro @ mobility . com>