Comparing network firewall inspection technologies

Network firewalls have evolved from packet filters to proxy servers and finally to stateful inspection, which delivers the benefits of both packets filters and proxy servers.

Network firewalls are a mature technology. Is there really any difference in the capabilities of the various inspection technologies?

Original firewall technology made security decisions on only packet sources and destinations. These network firewalls were referred to as packet filters. Because they made very simple decisions, these firewalls were fast, but not very secure.

The second generation of network firewalls were application layer gateways, or proxy servers. Proxy servers completely disassembled all network communication passing through them and were able to make advanced decisions about the security of a given connection. This made them very secure, but also very slow.

Stateful inspection is the third generation of network firewall. It combines the speed of a packet filter with the security protections of an application layer gateway. Today almost all enterprise-class firewalls utilize some form of stateful inspection technology.

This was first published in November 2007

Dig deeper on Introductory Security Services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close