How do stateful inspection and packet-filtering firewalls differ?

Ask the Expert

How do stateful inspection and packet-filtering firewalls differ?

In what scenario should a stateful inspection firewall and a packet-filtering firewall be used?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

In general, firewalls that make use of stateful inspection are the industry norm. Stateful inspection replaced packet filtering in most environments several years ago, and the majority of modern firewall systems take advantage of it.

The main difference between the two firewalls is that stateful inspection systems maintain a state table, allowing them to keep track of all open connections through a firewall, while packet-filtering firewalls do not. When traffic arrives, the system compares the traffic to the state table, determining whether it is part of an established connection.

The only place you'll likely see packet filtering in today's environment is at an Internet-facing router. These devices often implement a basic packet-filtering rule set to weed out obviously unwanted traffic and reduce the load on a stateful inspection firewall immediately behind the router.

More information:
  • Find out how implementing stateful inspection firewalls can help network administrators keep tabs on TCP connections.
  • You've learned about stateful inspection and packet-filtering firewalls. Now, see how these differ from proxy firewalls.
  • This was first published in October 2006