WikiProject Computer Security / Computing (Rated Start-class, Mid-importance)
WikiProject Computing / Networking / Software / Hardware (Rated Start-class, Mid-importance)
In the latest edit (12 Jan 06 16:51:52 EDT) most of the content was removed. Was there a reason for this? Joshua
I was looking for SPI firewall and came to this page by Google. SPI should be included for the search as it is the more common abbreviation within consumer routers.
Remark about Checkpoint's invention?
I distinctly remember that Checkpoint's Firewall-1 was groundbreaking back in the day it was introduced in the early nineties. Maybe it's worth mentioning that this was the first product to introduce this concept.
Amos Shapira 00:48, 31 January 2007 (UTC)
The sentence at the end of the second paragraph needs editing:
"However, pure packet filters have no concept of state as defined by computer science using the term finite state machine and are subject to spoofing attacks and other exploits" —Preceding unsigned comment added by 220.127.116.11 (talk) 17:36, 17 October 2007 (UTC)
Check Point's patent on Stateful Inspection (http://www.google.com/patents?vid=USPAT5606668) clearly lists Gil Shwed as the inventor of Stateful Inspection, not Nir Zuk as listed in the article currently. Nir Zuk was one of the developers who originally worked on this technology while at Check Point. One example where he says this is: http://www.paloaltonetworks.com/researchcenter/2010/01/can-stateful-inspection-evolve-2/ but I also know this from my own past dealings with Nir when I worked at Nokia.
Disclaimer: I currently work for Check Point Software, thus why I am posting this on the talk page and not directly editing this article.
In the Pitfalls section, it talks about non-http connections being affected by TCP window scaling, but then turns around in the last paragraph and talks about Vista having issues over http connections. And the ref2 doesn't seem to talk about that. Huh? Also ref1 seems to talk about this being an RFC 1323 compliance issue with the router as opposed to a Vista issue. Is this anti-MSFT bias?
I removed the whole paragraph now. Linux < 2.6.8 and Windows Vista are age-old operating systems and TCP window scaling is standard practice. A firewall displaying this "pitfall" now is seriously broken; it's not worth any mention here. 18.104.22.168 (talk) 06:46, 13 April 2012 (UTC)
NAT as stateful firewall
Network address translation, as implemented in every home-quality router, maps connections and ports in a way similar to stateful firewalls. Many cheap networking companies claim built-in SPI firewalls when it is only a NAT system. If someone would like to create a section on this, and what the differences are between NAT and SPI, that would be appreciated. Mamyles (talk) 14:07, 1 November 2011 (UTC)
NAT is by definition stateful, it wouldn't work otherwise. Most of them run Linux anyway and run Netfilter, which is as full-blown an SPI firewall as you can get. 22.214.171.124 (talk) 06:47, 13 April 2012 (UTC)