Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

looking for firewall experts.

Posted on 2011-09-27
3
378 Views
Last Modified: 2012-06-27
Hi
I need to know the deference between the state full and state less firewall...

and in case you open rule from A to B..do u need to open same rule again from B to A or it will be a threat.

cheers.
0
Comment
Question by:besmile4ever
3 Comments
 
LVL 2

Assisted Solution

by:jdc1944
jdc1944 earned 100 total points
ID: 36708888
Is there any specific differences you want to know about Stateless and Statefull Firewalls?

Simply the difference between the two are that stateless firewalls inspect each packet with the firewall rules and looks at the IP source and destination addresses.  Whereas statefull firewalls monitor the traffic from end - to - end and are aware of the state of connections such as whether they are open, they can also look at other information in the packets because they inspect the IP source and destination address as well as looking at the protocols that are being used.
0
 
LVL 10

Accepted Solution

by:
WayneATaylor earned 400 total points
ID: 36708894
In basic terms, a stateless firewall just looks at each packet as an individual check, i.e. based on port or type (UDP/TCP) and either allows it or not, with no reference to other packets.

A statefull firewall is one that does the above, but has the added function that is works up to layer 4 of the OSI Model and can look at other packets as a whole communication stream and make blocking decisions based on say know exploits etc, using packets of the whole conversation.

Regarding opening up A to B and then also B to A, you would normally open both for most traffic types, for way SMTP email send and recieve it would need to be both ways, and Web traffic would need both ways.  But this does depend on your actual circumstances as some systems listen on one port and repond on another, so you would need one port in and the second port det for outbound.

Wayne



0
 

Author Closing Comment

by:besmile4ever
ID: 36895653
thnks.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question