Problem solve Get help with specific problems with your technologies, process and projects.

How do stateful inspection and packet-filtering firewalls differ?

Can you tell a stateful inspection firewall from a packet-filtering firewall? In our expert Q&A, network security expert, Mike Chapple, examines the important differences between the two and reveals when each should be used.

In what scenario should a stateful inspection firewall and a packet-filtering firewall be used?

In general, firewalls that make use of stateful inspection are the industry norm. Stateful inspection replaced packet filtering in most environments several years ago, and the majority of modern firewall systems take advantage of it.

The main difference between the two firewalls is that stateful inspection systems maintain a state table, allowing them to keep track of all open connections through a firewall, while packet-filtering firewalls do not. When traffic arrives, the system compares the traffic to the state table, determining whether it is part of an established connection.

The only place you'll likely see packet filtering in today's environment is at an Internet-facing router. These devices often implement a basic packet-filtering rule set to weed out obviously unwanted traffic and reduce the load on a stateful inspection firewall immediately behind the router.

More on this topic


This was last published in October 2006

Dig Deeper on Network device security: Appliances, firewalls and switches

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.