Comparing network firewall inspection technologies

Network firewalls are a mature technology. Is there really any difference in the capabilities of the various inspection technologies?

Original firewall technology made security decisions on only packet sources and destinations. These network firewalls were referred to as packet filters. Because they made very simple decisions, these firewalls were fast, but not very secure.

The second generation of network firewalls were application layer gateways, or proxy servers. Proxy servers completely disassembled all network communication passing through them and were able to make advanced decisions about the security of a given connection. This made them very secure, but also very slow.

Stateful inspection is the third generation of network firewall. It combines the speed of a packet filter with the security protections of an application layer gateway. Today almost all enterprise-class firewalls utilize some form of stateful inspection technology.

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: