Beruflich Dokumente
Kultur Dokumente
Typically firewalls are devices that are placed between a trusted and an untrusted network.
Checkpoint coded top of Linux kernel. **Palo Alto coded on top of free BSD similar to Juniper
firewall.
Checkpoint called unified blade. **In Palo alto similarly provide same feature with different
license.
Checkpoint we called URL filtering blade. **In Palo Alto we see bride cloud for URL filtering.
Checkpoint IPS called IPS blade. **In Palo Alto we call it Wildfire.
Checkpoint called Identity awrenes. **In Palo Alto User ID.
Checkpoint called say serial processing. **In Palo Alto it is parallel processing.
A stateful firewall keeps track of the "state" of connections based on source/destination IP,
source/destination port and connections flags. It can really only keep state for TCP connections
because TCP uses flags in the packet headers. eg
The client picks a random port eg 33212 and sends a packet to the server
source IP = 192.168.5.1
destination IP = 172.16.5.2
Server responds
source IP = 172.16.5.1
source port = 23
destination IP = 192.168.5.1
Client responds
Now lets say there is a stateful firewall in between the client and the server.
When the firewall sees the initial packet from the client it records all the info above.
When the server responds the firewall looks up it's state table to see if it has a matching entry for
the connection and finds it does. What's more because the firewall expects to see a SYN/ACK from
the server because it recorded a SYN from the client. So the packet is allowed.
Now lets say the client hasn't sent an intital packet and the server sent a packet with the same info
as above. The TCP FLAGS are SYN/ACK but the firewall has no record of a SYN packet sent from the
client. So the packet is dropped.
In essence this is how stateful firewalls work . They keep track of each connection and allow the
traffic to flow through only if there are corresponding entries in it's state table.
For non-TCP protocols eg UDP there are no flags so the stateful firewall sets a timer ie. if it sees a
DNS query go out it records the IP source/destination and the Port source/destination. If within a
certain amount of time a packet is received back with the same IP'S and port number, although
obviously the source and destination are flipped, the packet is allowed through.
Stateless firewall:
Stateless firewall does not keep track of the state of network connections.