Ask the Expert

How do stateful inspection and packet-filtering firewalls differ?

In what scenario should a stateful inspection firewall and a packet-filtering firewall be used?

Requires Free Membership to View

In general, firewalls that make use of stateful inspection are the industry norm. Stateful inspection replaced packet filtering in most environments several years ago, and the majority of modern firewall systems take advantage of it.

The main difference between the two firewalls is that stateful inspection systems maintain a state table, allowing them to keep track of all open connections through a firewall, while packet-filtering firewalls do not. When traffic arrives, the system compares the traffic to the state table, determining whether it is part of an established connection.

The only place you'll likely see packet filtering in today's environment is at an Internet-facing router. These devices often implement a basic packet-filtering rule set to weed out obviously unwanted traffic and reduce the load on a stateful inspection firewall immediately behind the router.


More information:
  • Find out how implementing stateful inspection firewalls can help network administrators keep tabs on TCP connections.
  • You've learned about stateful inspection and packet-filtering firewalls. Now, see how these differ from proxy firewalls.
  • This was first published in October 2006