Packet State and Context Information
To track and act on both state and context information for an application is to treat that
traffic statefully. The following are examples of state and context-related information that a
firewall should track and analyze:
• Packet-header information (source and destination address, protocol, source and
  destination port, and packet length)
• Connection state information (which ports are being opened for which
  connection)
• TCP and IP fragmentation data (including fragments and sequence numbers)
• Packet reassembly, application type, and context verification (to verify that the
  packet belongs to the communication session)
• Packet arrival and departure interface on the firewall
• Layer 2 information (such as VLAN ID and MAC address)
• Date and time of packet arrival or departure
The UTM-1 firewall examines IP addresses, port numbers, and any other information
required. It understands the internal structures of the IP protocol family and applications,
and is able to extract data from a packet's application content and store it, to provide
context in cases where the application does not provide it. The UTM-1 firewall also stores
and updates the state and context information in dynamic tables, providing cumulative data
against which it inspects subsequent communications.
The Stateful Inspection Advantage - Passive FTP Example
In order to discuss the strength of Stateful Inspection technology in comparison to the
other firewall technologies mentioned, we will examine the Passive FTP protocol and the
ways that firewalls handle Passive FTP traffic pass-through.
FTP connections are unique, since they are established using two sessions or channels: one
for command (AKA control) and one for data. The following table describes the steps of
establishing a Passive FTP connection, where:
• C is the client port used in the command session,
• D is the client port used in the data session, and
• P is the server port used in the data session.
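As an added illustration (not code from the UTM-1 manual or from Check Point), the following Python example shows how a dynamic state table can read the server's 227 reply on the command session and then permit only the matching data connection from client port D to server port P. The class and method names, the sample addresses, and the single-use and address-match policies are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_227 = re.compile(
    rb"227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

@dataclass
class FtpStateTable:  # hypothetical name, used only in this example
    control: set = field(default_factory=set)   # (client_ip, C, server_ip)
    expected: set = field(default_factory=set)  # (client_ip, server_ip, P)

    def control_open(self, client_ip, c_port, server_ip):
        """Record an established command session from client port C."""
        self.control.add((client_ip, c_port, server_ip))

    def inspect_reply(self, client_ip, c_port, server_ip, line):
        """Parse a server reply on the command session; return P if learned."""
        if (client_ip, c_port, server_ip) not in self.control:
            return None                      # no context: not a tracked session
        m = PASV_227.match(line)
        if m is None:
            return None                      # some other reply, nothing to store
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            return None                      # malformed octet
        # Policy choice of this example: advertised address must be the server's.
        if ".".join(str(n) for n in nums[:4]) != server_ip:
            return None
        p_port = nums[4] * 256 + nums[5]     # P = p1 * 256 + p2
        self.expected.add((client_ip, server_ip, p_port))
        return p_port

    def allow_data(self, client_ip, d_port, server_ip, dst_port):
        """Permit client:D -> server:P once, and only if P was announced."""
        key = (client_ip, server_ip, dst_port)  # D is ephemeral, so not matched
        if key not in self.expected:
            return False
        self.expected.remove(key)            # single use: one data session per 227
        return True

# Constructed sample values (documentation address ranges)
CLIENT, SERVER, C_PORT, D_PORT = "192.0.2.10", "198.51.100.5", 50000, 50001
SAMPLE_REPLY = b"227 Entering Passive Mode (198,51,100,5,200,21)\r\n"
```
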
Chapter 2: UTM-1 Security
The UTM-1 Firewall