Stateful Packet Inspection

Stateful packet inspection is also known as dynamic packet filtering. What type of table does stateful packet inspection use for filtering? What are the attributes that are part of the state of the connection? How is stateful packet inspection different from static packet filters? How can stateful packet inspection improve network performance?

Stateful packet inspection (SPI), also known as dynamic packet filtering, improves on static packet filtering by using a "state table" to keep track of legitimate Internet service requests.

SPI firewalls work by allowing through only data that comes from known and active connections. Any other data is rejected.

SPI firewalls record attributes including the requesting (egress) client's IP address and port, handshake (SYN-ACK-ACK) statuses, and egress routes. This group of attributes is collectively known as the state of the connection.

The firewall matches ingress traffic against these outgoing requests to ensure that each response is expected.

Stateful packet inspectors typically have the same features as static packet filters, but they're able to view more of the network packet to determine whether to allow or block traffic. Again, ingress packets that don't meet the criteria established by the SPI are discarded.
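The state-table matching described above, as an added example that is not part of the original lesson: a toy TCP-only table keyed on the client and server address and port, with handshake status as the stored state. The class and state names, the addresses and the packet sequence are constructed for illustration; timeouts, sequence-number checks and egress routes are left out.

```python
from collections import namedtuple
# direction is "egress" (inside -> outside) or "ingress"; flags is a set of TCP flag names
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port flags")

class StateTable:
    """Toy TCP state table: one entry per connection opened from the inside."""
    def __init__(self):
        self.conns = {}  # (client_ip, client_port, server_ip, server_port) -> state

    def inspect(self, p):
        flags = set(p.flags)
        if p.direction == "egress":
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
            if flags == {"SYN"}:                    # new outbound request
                self.conns[key] = "SYN_SENT"
                return "ALLOW"
            state = self.conns.get(key)
            if state is None:
                return "DROP"                       # belongs to no known connection
            if state == "SYN_ACK_SEEN" and "ACK" in flags:
                self.conns[key] = "ESTABLISHED"     # handshake complete
        else:
            key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            state = self.conns.get(key)
            if state is None:
                return "DROP"                       # unsolicited ingress
            if state != "ESTABLISHED":
                if flags != {"SYN", "ACK"}:
                    return "DROP"                   # only a SYN-ACK may answer a SYN
                self.conns[key] = "SYN_ACK_SEEN"
        if flags & {"FIN", "RST"}:
            del self.conns[key]                     # simplified teardown: forget at once
        return "ALLOW"

def demo():
    """Run a constructed packet sequence through the table and return the verdicts."""
    c, s, x = "10.0.0.5", "203.0.113.7", "198.51.100.9"  # constructed addresses
    seq = [
        Packet("ingress", x, 4444, c, 50000, {"SYN"}),        # unsolicited probe
        Packet("egress", c, 50000, s, 443, {"SYN"}),          # client opens connection
        Packet("ingress", x, 443, c, 50000, {"SYN", "ACK"}),  # reply from the wrong host
        Packet("ingress", s, 443, c, 50000, {"SYN", "ACK"}),  # expected reply
        Packet("egress", c, 50000, s, 443, {"ACK"}),          # handshake finished
        Packet("ingress", s, 443, c, 50000, {"ACK", "PSH"}),  # data on a known connection
        Packet("egress", c, 50000, s, 443, {"RST"}),          # client tears down
        Packet("ingress", s, 443, c, 50000, {"ACK", "PSH"}),  # late data, state is gone
    ]
    fw = StateTable()
    return [fw.inspect(p) for p in seq]
```

A static packet filter with a rule such as "allow ingress from port 443" would pass the third and last packets; the state table drops them because no active connection matches.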

Stateful packet inspectors can increase the performance of some networks because they allow fewer packets to pass.


Source: Joseph Wetzel, https://www.wisc-online.com/learn/career-clusters/info-tech/cis3505/firewall-stateful-packet-inspection
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 License.

Last modified: Thursday, April 15, 2021, 4:41 PM