Talk:Stateful firewall

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computer Security / Computing  (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by WikiProject Computing (marked as Mid-importance).
 
WikiProject Computing / Networking / Software / Hardware (Rated Start-class, Mid-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force (marked as High-importance).
Taskforce icon
This article is supported by WikiProject Software (marked as Low-importance).
Taskforce icon
This article is supported by Computer hardware task force (marked as Low-importance).
 

Should this be at Stateful firewall? -- Zoe

Content removed[edit]

In the latest edit (12 Jan 06 16:51:52 EDT) most the content was removed. Was there a reason for this? Joshua


I was looking for SPI firewall and came to this page by Google. SPI should be included for the search as it is the more common abbreviation within consumer routers.

Remark about Checkpoint's invention?[edit]

I distinctly remember that Checkpoint's Firewall-1 was ground breaking back in the day it was introduced in the early ninties. Maybe it's worth mentioning that this was the first product to introduce this concept.

Amos Shapira 00:48, 31 January 2007 (UTC)

The sentence at the end of the second paragraph needs editing:

"However, pure packet filters have no concept of state as defined by computer science using the term finite state machine and are subject to spoofing attacks and other exploits" —Preceding unsigned comment added by 213.139.195.162 (talk) 17:36, 17 October 2007 (UTC)

Check Point's patent on Stateful Inspection (http://www.google.com/patents?vid=USPAT5606668) clearly lists Gil Shwed as the inventor of Sateful Inspection, not Nir Zuk as listed in the article currently. Nir Zuk was one of the developers who originally worked on this technology while at Check Point. One example where he says this is: http://www.paloaltonetworks.com/researchcenter/2010/01/can-stateful-inspection-evolve-2/ but I also know this from my own past dealings with Nir when I worked at Nokia.

Disclaimer: I currently work for Check Point Software, thus why I am posting this on the talk page and not directly editing this article.

DameonWelchAbernathy (talk) 20:24, 23 March 2010 (UTC)

Pitfalls section[edit]

In the Pitfalls section, it talks about non-http connections being affected by TCP window scaling, but then turns around in the last paragraph and talks about Vista having issues over http connections. And the ref2 doesn't seem to talk about that. Huh? Also ref1 seems to talk about this being an RFC 1323 compliance issue with the router as opposed to a Vista issue. Is this anti-MSFT bias?

InsufficientData (talk) 16:20, 30 August 2008 (UTC)

I removed the whole paragraph now. Linux < 2.6.8 and Windows Vista are age-old operation systems and TCP window scaling is standard practice. A firewall displaying this "pitfall" now is seriously broken; it's not worth any mention here. 194.237.142.10 (talk) 06:46, 13 April 2012 (UTC)

NAT as stateful firewall[edit]

Network address translation, as implemented in every home-quality router, maps connections and ports in a way similar to stateful firewalls. Many cheap networking companies claim built-in SPI firewalls when it is only a NAT system. If someone would like to create a section on this, and what the differences are between NAT and SPI, that would be appreciated. Mamyles (talk) 14:07, 1 November 2011 (UTC)

NAT is by definition stateful, it wouldn't work otherwise. Most of them run Linux anyway and run Netfilter, which is as full-blown an SPI firewall as you can get. 194.237.142.10 (talk) 06:47, 13 April 2012 (UTC)

Editor can't tell upper from lower case[edit]

Wouldn't let me change letter "a" to "A". 71.211.237.53 (talk) 04:09, 19 July 2013 (UTC)