Stateful is mainly opposed to "simple" packet filtering. When you do packet filtering (like in a router access list) each packet is checked by itself, without regard for other packets seen for the particular session. CP remembers (AKA keeps state) of prior packets seen on a session and can derive decisions on traffic flow from its state table.
Its all explained much better in Lance Spitzner's white paper http://www.enteract.com/~lspitz/fwtable.html Enjoy, Shimon Silberschlag +972-3-9352785 +972-51-207130 ----- Original Message ----- From: "Raj Baby" <[EMAIL PROTECTED]> To: "Shimon Silberschlag" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, May 22, 2002 23:00 Subject: RE: question > Hi, > > Thanks very much for the answer. > > Would you pl refer this doc ? > http://www.sofaware.com/html/tech_stateful.shtm > <http://www.sofaware.com/html/tech_stateful.shtm> > > It's table (page 2 of 8)makes me beleive that the stateful inspection > does Application derived state+Information manipulation which is done > actually by an application filter.Right?? > > Again the defenition in page 4 of 8 says "stateful inspection extracts > state-related information required for security decision from all > application layers and maintain this information in dynamic state table > for evaluating subsequent connection attempts." > > Could you pl clarify ??? > > Thanks > > Ricky > > -----Original Message----- > From: Shimon Silberschlag [ mailto:[EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> ] > Sent: Wednesday, May 22, 2002 11:18 AM > To: Raj Baby; [EMAIL PROTECTED] > Subject: Re: question > > > The "security servers" (using CP terminology) can be considered > application level gateways. This is why many think of CP as a hybrid > firewall, as opposed to doing stateful inspection only. > You can't do stuff like the PUT/GET you describe without going to > layer 7 - checking the packet payload. > > HTH, > > Shimon Silberschlag > > +972-3-9352785 > +972-51-207130 > > ----- Original Message ----- > From: "Raj Baby" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 22, 2002 15:48 > Subject: question > > > > Hi, > > > > If i configure firewall 1 in windows NT using rule base editor,is it > going to be a stateful inspection?? > > > > > > If that is the case ,then why is content filtering used for > application filtering like restricting an FTP GET or allowing an FTP > PUT?? > > > > > > I mean to say that is to be taken care by stateful inspection > Right??) > > > > Help is greatly appreciated by a NOVICE in checkpt > > > > Thanks, > > Ricky (Baby Raj P) > > Computer Associates International, Inc > > Technology Consultant / NT Storage > > Tel: +1 866-422-2774 > > E-Mail: [EMAIL PROTECTED] > > > > > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > For Account Management (unsubscribe, get/change password, etc) > Please go to: > > http://lists.gnac.net/mailman/listinfo/firewalls > <http://lists.gnac.net/mailman/listinfo/firewalls> > > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
