Stateful Packet Inspection

Stateful packet inspection requires keeping track of the state of the communications channel between the two endpoints. The firewall monitors the IP, TCP and UDP header information passing between client and server. By monitoring this information, the firewall knows who inside the protected zone is opening connections and whom outside the firewall they are communicating with. Thus, any unsolicited connection request from outside, or any random packet sent from outside, will be recognized as not being part of any permitted or ongoing communication.

Stateful inspection firewalls can even permit return traffic from a server that is not explicitly permitted by the firewall's ruleset. Because the client protected by the firewall initiated the connection, the firewall can permit the server's response, even if no rule exists to explicitly permit it. For example, smart stateful packet inspecting firewalls will know when a protected host is opening an FTP connection and will know to permit the returning connection for the data channel on a different TCP port.

This is the power of stateful inspection.
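The behaviour described above, as an added example that is not part of the original tutorial: a small connection table in Python that admits return traffic for flows opened from inside, drops unsolicited packets, and opens a one-time entry for the FTP data channel announced in a PORT command. The class name StatefulFirewall, the 10.0.0.0/24 inside prefix and all addresses are assumptions constructed for illustration; flows are matched on protocol, addresses and ports only, without TCP flags or timeouts.

```python
import re

INSIDE = "10.0.0."  # assumption: the protected zone is 10.0.0.0/24 (constructed)

class StatefulFirewall:
    def __init__(self):
        self.flows = set()     # tracked flows: (proto, in_ip, in_port, out_ip, out_port)
        self.expected = set()  # announced FTP data channels: (in_ip, in_port, out_ip)

    def handle(self, proto, src, sport, dst, dport, payload=b""):
        """Decide ALLOW or DROP for one packet and update the state table."""
        if src.startswith(INSIDE):                  # outbound: record who talks to whom
            self.flows.add((proto, src, sport, dst, dport))
            if proto == "tcp" and dport == 21:      # FTP control channel
                self._note_ftp_port(src, dst, payload)
            return "ALLOW"
        if (proto, dst, dport, src, sport) in self.flows:   # reply on a tracked flow
            return "ALLOW"
        if proto == "tcp" and (dst, dport, src) in self.expected:
            self.expected.discard((dst, dport, src))         # one-time entry
            self.flows.add((proto, dst, dport, src, sport))
            return "ALLOW"
        return "DROP"                               # unsolicited: matches no state

    def _note_ftp_port(self, client, server, payload):
        # "PORT h1,h2,h3,h4,p1,p2" announces the data channel at h1.h2.h3.h4:(p1*256+p2)
        m = re.match(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n", payload)
        if not m:
            return
        n = [int(x) for x in m.groups()]
        # Only open an entry toward the client that sent the command, never a third host.
        if all(x <= 255 for x in n) and ".".join(map(str, n[:4])) == client:
            self.expected.add((client, n[4] * 256 + n[5], server))

def demo():
    """Replay a constructed packet sequence and return the verdicts in order."""
    fw = StatefulFirewall()
    c, s = "10.0.0.5", "203.0.113.10"               # constructed client and server
    return [
        fw.handle("tcp", c, 40000, s, 21),           # client opens FTP control
        fw.handle("tcp", s, 21, c, 40000),           # server reply on that flow
        fw.handle("tcp", s, 20, c, 50000),           # data connection, not yet announced
        fw.handle("tcp", c, 40000, s, 21, b"PORT 10,0,0,5,195,80\r\n"),
        fw.handle("tcp", s, 20, c, 50000),           # announced data channel (port 50000)
        fw.handle("tcp", "198.51.100.7", 4444, c, 50000),   # other host, same port
        fw.handle("udp", "198.51.100.7", 53, c, 5353),      # random outside packet
    ]

if __name__ == "__main__":
    print(demo())
```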
