One of the biggest complaints about stateful inspection is that if the
state table becomes corrupt, the network could become vulnerable to the
Check out application gateways, these proxy servers take a users request
for an Internet service and forward it to the actual service. Proxies
replace the actual service, acting as a gateway and are for this reason
commonly referred to as application gateways.
Visit http://www.securecomputing.com or contact me.
Global Data Systems, Inc.
Internet and Intranet Firewalls and Security Group
Consulting and Installing Solutions for Your Company's Data
Remote User Authentication
Virtual Private Networks
781/740-8818 x13 ph
Visit us on the web at http://www.gdsconnect.com
From: MacGyver [SMTP:macgyver @
Sent: Tuesday, January 06, 1998 11:55 AM
To: Firewalls Mailing List
Subject: Stateful Inspection Anyone?
I've been wondering this for a while, but just haven't gotten
asking anyone yet:
Checkpoint's Firewall-1 has a feature known as "stateful
they tout as the end-all and be-all of packet-filtering and
Anyone had any experience in using this feature or have any
regarding stateful inspection? How large of a performance
impact is there
when stateful inspection is enabled? Are the gains worth the
Hope this spurs some interesting discussion.
^ Habeeb J. Dihu
-' `- Managing Senior Technologist
" ' ` " Cirrus Technologies
" ' ` "
" ' . ` "
" ' .' ` ` " 'I don't believe in the no-win scenario'
" ` ' `' " -- Captain James T. Kirk, Star Trek
` ' _ _ ' 'There is an old Vulcan proverb, `Only
' could go to China.`'
-- Captain Spock, Star Trek VI: TUC