Firewall Wizards mailing list archives
Re: What is the difference between stateful packet filtering and Stateful pkt inspection ?
From: Volker Tanger <volker.tanger () discon de>
Date: Fri, 31 Jan 2003 16:06:25 +0100
Greetings! anil bindal wrote:
1) What is the difference between a stateful pkt filter and stateful packet inspection ?
http://wyae.de/secure_gateway/gateways.php
2) Does any of above two include the payload verificaion and analysis ( i.e. application level Proxies !)?
Only the "inspection" ones - but inspection quite often is limited (in most cases to parts of HTTP).
3) What does the WG FB 1000 do ? Stateful Pkt Inspection or Stateful Pkt filtering ? 4) What does the WG V60 do ? SPInspection or SPfiltering ?
Stateful - definitely. And I guess some inspection for HTTP - but nothing I know of (please correct me) for other protocols.
5) Does the Watch Guard http-filter rule does the same processing on the packet as the check point or CISCO PIX rule ??
No. CheckPoint and PIX use (transparent) proxies (called "ressource" or "fixup") when filtering. But CKP has quite some inspection for a number of other protocols - especially when it comes to RPC handling, I do not know any product coming near. Again: please correct me, if I missed something here.
6) Lastly is the stateful packet ( filter or inspection whatever the WG boxes do ) sufficient from the security point of view ( no application level proxies ? )
Depends on the level and quality of inspection - and of the proxy, of course. In real-world products proxies are usually a bit better/strict with respect to security (e.g. checking for RFC conformity).
why all above questions are being asked is bcose i want to decide on either FB 1000 or V60. One of them has BW management and other does not have the application level proxies ??
The FB1k has (taken from feature-list) only 4 proxies with data-sanitation: http, ftp, smtp, dns. If you use e.g. an anti-virus gateway for these, you'll automatically have most of these features on the AV gateway. OTOH the Vseries generally is faster with respect to VPN and has QoS-Mgmt.
What level of security will i compromise if i decide on V60 with BW management ??
What do you need the FW for? What is your 2nd/3rd/4th line of defense? Bye Volker Tanger IT-Security Consulting -- discon gmbh WrangelstraĆe 100 D-10997 Berlin fon +49 30 6104-3307 fax +49 30 6104-3461 volker.tanger () discon de http://www.discon.de/ _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- What is the difference between stateful packet filtering and Stateful pkt inspection ? anil bindal (Jan 31)
- Re: What is the difference between stateful packet filtering and Stateful pkt inspection ? Volker Tanger (Jan 31)
- Re: What is the difference between stateful packet filtering and Stateful pkt inspection ? Frederick M Avolio (Jan 31)
- Re: What is the difference between stateful packet filtering and Stateful pkt inspection ? Volker Tanger (Jan 31)