Stateful Firewall Definition
The term stateful firewall generally refers to a network security device that is more advanced than a stateless firewall because it is able to monitor and block all network traffic based on a predetermined set of policies and rules. Stateful firewalls can usually monitor both inbound and outbound traffic and track TCP sessions and the state of other network connections.
The main difference from stateless firewalls is that the latter do not differentiate between types of traffic such as SSH or FTP and simply treat them as safe connections, allowing them through. This can be problematic in certain situations, since it opens up the possibility of exploits and attacks.
One of the main uses of stateful firewalls is to prevent attackers from performing Denial-of-Service attacks and port scans, as well as to block traffic from reaching certain applications and connections that are blacklisted.
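The TCP session tracking described above, as an added example that is not part of the original page: a simplified Python model that runs the same packets through a per-packet rule and through a connection table. The policy (outbound sessions allowed, inbound only as replies), all class and function names, and the sample addresses are assumptions constructed for illustration.

```python
from collections import namedtuple

# flags: frozenset of TCP flags; outbound: True when leaving the protected network
Packet = namedtuple("Packet", "src sport dst dport flags outbound")

def stateless_allow(p):
    # Per-packet rule with no memory (assumed policy): outbound is allowed,
    # inbound is allowed whenever ACK is set because it "looks like" a reply.
    return p.outbound or "ACK" in p.flags

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> session state

    def allow(self, p):
        key = ((p.src, p.sport, p.dst, p.dport) if p.outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.table.get(key)
        if p.outbound:
            if state is None:                 # a new session must start with a bare SYN
                if p.flags != {"SYN"}:
                    return False
                self.table[key] = "SYN_SENT"
            elif state == "SYNACK_SEEN" and "ACK" in p.flags:
                self.table[key] = "ESTABLISHED"
            return True
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "SYNACK_SEEN"   # reply to a handshake we started
            return True
        return state == "ESTABLISHED"         # anything unsolicited is dropped

def demo():
    c, s = ("10.0.0.5", 40000), ("203.0.113.10", 443)  # constructed addresses
    def pkt(a, b, flags, out):
        return Packet(a[0], a[1], b[0], b[1], frozenset(flags), out)
    traffic = [  # constructed sample traffic
        ("outbound SYN", pkt(c, s, {"SYN"}, True)),
        ("inbound SYN/ACK", pkt(s, c, {"SYN", "ACK"}, False)),
        ("outbound ACK", pkt(c, s, {"ACK"}, True)),
        ("inbound data", pkt(s, c, {"ACK", "PSH"}, False)),
        ("unsolicited inbound ACK", pkt(("198.51.100.7", 443), c, {"ACK"}, False)),
        ("inbound SYN", pkt(("198.51.100.7", 5555), c, {"SYN"}, False)),
    ]
    fw = StatefulFirewall()
    return [(name, stateless_allow(p), fw.allow(p)) for name, p in traffic]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Each row is (packet, stateless verdict, stateful verdict); the two verdicts differ only for the unsolicited inbound ACK, which matches no tracked session.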
Some of the most common stateful firewalls are:
- Cisco ASA
- Check Point Firewall-1
- Palo Alto Networks PA-Series
- Fortinet FortiGate
- Juniper SRX
Stateful firewalls are able to integrate services such as tunnels and encryption algorithms. With these integrations, the firewalls improve their performance by blocking attackers from intercepting their traffic, making the connection more secure.