
1> What do you understand by a next-generation firewall?

 Typically, firewalls are devices placed between a trusted and an untrusted network.

Traditional firewalls work at Layers 3 and 4 only: they make decisions on IP addresses, protocol and port numbers.

A next-generation firewall (NGFW) works at Layers 3, 4 and 7. It adds features such as user-identity-based policy, application-based policy (the application is identified from the traffic itself, regardless of the port it uses) and content-based policy.
 An authorized user can get access from anywhere in the world based on user identity instead of IP address.
 URLs can be restricted or allowed based on their content, bandwidth consumption, category, etc.
2> What is the difference between Check Point and Palo Alto firewalls?

Check Point: Gaia OS is built on top of a Linux kernel. Palo Alto: PAN-OS is built on top of FreeBSD, similar to Juniper's Junos.
Check Point: features are packaged as Software Blades. Palo Alto: the same features are provided through separate subscription licenses.
Check Point: URL filtering is the URL Filtering blade. Palo Alto: URL filtering originally used the BrightCloud database (later Palo Alto's own PAN-DB).
Check Point: intrusion prevention is the IPS blade. Palo Alto: IPS is part of the Threat Prevention subscription (Vulnerability Protection profiles). WildFire is Palo Alto's cloud sandbox for unknown files, so it corresponds to Check Point's Threat Emulation rather than to IPS.
Check Point: user-based policy is Identity Awareness. Palo Alto: User-ID.
Check Point: is usually described as processing the blades serially. Palo Alto: markets a Single-Pass Parallel Processing (SP3) architecture.

3> What do you understand by stateful and stateless firewalls?

A stateful firewall keeps track of the "state" of connections based on source/destination IP, source/destination port and TCP connection flags. Full connection tracking is only possible for TCP, because TCP carries flags (SYN, ACK, FIN, RST) in the packet header that mark each stage of a connection; connectionless protocols such as UDP are tracked with timers instead, as described below. For example:

When a client telnets to a server:

Client address = 192.168.5.1
Server address = 172.16.5.2

The client picks an ephemeral port, e.g. 33212, and sends a packet to the server:

source IP = 192.168.5.1
source port = 33212
destination IP = 172.16.5.2
destination port = 23 (23 is the telnet port)
TCP flag = SYN

The server responds:

source IP = 172.16.5.2
source port = 23
destination IP = 192.168.5.1
destination port = 33212
TCP flag = SYN/ACK

The client responds with the same addresses and ports as its original packet, except:

TCP flag = ACK

The above is called the TCP three-way handshake.

Now let's say there is a stateful firewall between the client and the server.

When the firewall sees the initial SYN from the client, it records all of the information above in its state table.

When the server responds, the firewall looks up its state table for a matching entry for the connection and finds one. What's more, because it recorded a SYN from the client, it expects to see a SYN/ACK from the server, so the packet is allowed.

Now let's say the client has not sent an initial packet and the server sends a packet with the same information as above. The TCP flags are SYN/ACK, but the firewall has no record of a SYN sent from the client, so the packet is dropped.

In essence this is how stateful firewalls work: they keep track of each connection and allow traffic through only if there are corresponding entries in the state table.

For non-TCP protocols, e.g. UDP, there are no flags, so the stateful firewall uses a timer instead. If it sees a DNS query go out, it records the source/destination IPs and source/destination ports. If, within a certain amount of time, a packet comes back with the same IPs and port numbers (with source and destination flipped, obviously), the packet is allowed through; once the timer expires the entry is removed and a late reply is dropped.

Stateless firewall:

A stateless firewall does not keep track of the state of network connections. It evaluates each packet in isolation against its rule list (an ACL), using only the fields in that packet: addresses, protocol, ports and flags. To let replies back in, an inbound rule has to permit them explicitly, e.g. any TCP packet with the ACK bit set (the "established" match in a Cisco ACL), and such a rule cannot tell a genuine reply from an unsolicited SYN/ACK that happens to carry the right ports.
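The following is an added example, not part of the original answer or of any vendor's code: a toy stateful connection tracker placed beside a stateless ACL, both run over the telnet handshake described above (192.168.5.1:33212 to 172.16.5.2:23) and over a DNS query. The `Packet` class, the 30-second UDP timer, the "inside" prefix and the timestamps are constructed for the demo; a real firewall also validates sequence numbers and handles FIN/RST teardown, which this toy omits.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: only the fields a firewall keys on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str                       # "tcp" or "udp"
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}
    ts: float = 0.0                  # arrival time in seconds (constructed clock)


FiveTuple = Tuple[str, int, str, int, str]


def fwd_key(p: Packet) -> FiveTuple:
    return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)


def rev_key(p: Packet) -> FiveTuple:
    # Reply direction: source and destination flipped.
    return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)


class StatefulFirewall:
    """Admits connections initiated from the trusted side and only lets
    replies in when they match an existing state-table entry."""
    UDP_TIMEOUT = 30.0  # seconds; assumed value for the demo

    def __init__(self, inside_prefix: str):
        self.inside = inside_prefix              # e.g. "192.168.5."
        self.table: Dict[FiveTuple, dict] = {}   # keyed by the initiator's 5-tuple

    def _from_inside(self, p: Packet) -> bool:
        return p.src_ip.startswith(self.inside)

    def process(self, p: Packet) -> str:
        return self._tcp(p) if p.proto == "tcp" else self._udp(p)

    def _tcp(self, p: Packet) -> str:
        if p.flags == {"SYN"} and self._from_inside(p):
            # New outbound connection: record it and expect a SYN/ACK back.
            self.table[fwd_key(p)] = {"state": "SYN_SENT"}
            return "ALLOW"
        reply_to = self.table.get(rev_key(p))    # is this a reply to something we saw?
        if reply_to is not None:
            if reply_to["state"] == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
                reply_to["state"] = "SYN_RECEIVED"
                return "ALLOW"
            if reply_to["state"] == "ESTABLISHED":
                return "ALLOW"
        own = self.table.get(fwd_key(p))         # initiator continuing its flow
        if own is not None:
            if own["state"] == "SYN_RECEIVED" and p.flags == {"ACK"}:
                own["state"] = "ESTABLISHED"     # handshake complete
                return "ALLOW"
            if own["state"] == "ESTABLISHED":
                return "ALLOW"
        return "DROP"   # unsolicited SYN/ACK, or anything with no table entry

    def _udp(self, p: Packet) -> str:
        # No flags to inspect: pseudo-state is a timer on the query's 5-tuple.
        if self._from_inside(p):
            self.table[fwd_key(p)] = {"state": "UDP", "expires": p.ts + self.UDP_TIMEOUT}
            return "ALLOW"
        entry = self.table.get(rev_key(p))
        if entry and entry["state"] == "UDP" and p.ts <= entry["expires"]:
            return "ALLOW"
        return "DROP"   # no matching query, or the timer has expired


def stateless_acl(p: Packet, inside_prefix: str) -> str:
    """Per-packet rules with no memory. To let replies back in, the inbound
    rule permits any TCP packet with ACK set (the classic 'established'
    match), which also admits an unsolicited SYN/ACK."""
    if p.src_ip.startswith(inside_prefix):
        return "ALLOW"                        # outbound: permit everything
    if p.proto == "tcp" and "ACK" in p.flags:
        return "ALLOW"                        # inbound: "established" only
    return "DROP"


CLIENT, SERVER, INSIDE = "192.168.5.1", "172.16.5.2", "192.168.5."

def handshake() -> List[Packet]:
    """The three packets of the telnet handshake from the text."""
    return [Packet(CLIENT, 33212, SERVER, 23, "tcp", frozenset({"SYN"}), 0.0),
            Packet(SERVER, 23, CLIENT, 33212, "tcp", frozenset({"SYN", "ACK"}), 0.1),
            Packet(CLIENT, 33212, SERVER, 23, "tcp", frozenset({"ACK"}), 0.2)]

# Same SYN/ACK as the server's reply, but no client SYN preceded it.
UNSOLICITED = Packet(SERVER, 23, CLIENT, 33212, "tcp", frozenset({"SYN", "ACK"}), 0.0)

def dns_exchange() -> List[Packet]:
    """Query out at t=0, reply at t=1 (in time), second reply at t=40 (late)."""
    return [Packet(CLIENT, 40000, SERVER, 53, "udp", ts=0.0),
            Packet(SERVER, 53, CLIENT, 40000, "udp", ts=1.0),
            Packet(SERVER, 53, CLIENT, 40000, "udp", ts=40.0)]

def run_stateful(packets: List[Packet]) -> List[str]:
    fw = StatefulFirewall(INSIDE)
    return [fw.process(p) for p in packets]

def run_stateless(packets: List[Packet]) -> List[str]:
    return [stateless_acl(p, INSIDE) for p in packets]


if __name__ == "__main__":
    print("stateful handshake:  ", run_stateful(handshake()))
    print("stateful unsolicited:", run_stateful([UNSOLICITED]))
    print("stateless unsolicited:", run_stateless([UNSOLICITED]))
    print("stateful DNS:        ", run_stateful(dns_exchange()))
```

Running it shows the point of the answer: the stateful tracker admits all three handshake packets and the in-time DNS reply, but drops the unsolicited SYN/ACK and the DNS reply that arrives after the timer, while the stateless "established" rule lets the unsolicited SYN/ACK straight through because it has nothing to compare the packet against.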
