Firewall Wizards mailing list archives

Re: Gauntlet 5.5, is packet filtering stateful?


From: Chad Schieken <cschieken () lucent com>
Date: Wed, 05 Sep 2001 07:20:42 -0400

Lance,

None of their marketing material calls it "Stateful Packet Filtering".


From a marketing slick for Gauntlet 6.0 <http://download.nai.com/products/media/pgp/pdf/literature/ds-gauntlet.pdf>:

To balance lower-level security concerns with high data throughput needs, you can create packet-screening rules. Gauntlet Firewall supports both traditional "stateless" packet screening, as well as new "forward with reply" packet screening. "Forward with reply" rules remember TCP/IP state connections and once permitted by the rule, all subsequent packets for the connection flow through the firewall until the rule is terminated. Packet-screening rules operate at the network layer of the OSI seven-layer model using source, destination IPs, and ports, as well as protocol IDs, TCP/IP flags, and hardware interfaces to determine if packets can pass through the firewall.
protocols to penetrate the firewall without direct connection to
computers behind the firewall


Hope this helps at all...

Later...
chad



At 10:06 AM 9/1/2001, Lance Spitzner wrote:
Gauntlet ver5.5 firewall has packet filtering capabilities.
Are these packet filtering features stateful?  By stateful,
I mean does Gauntlet 5.5, using the packet filtering capabilities,
have the intelligence to expect a return packet, similar to
most stateful firewalls?

Thanks!

--
Lance Spitzner
http://project.honeynet.org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
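
The difference between "stateless" screening and "forward with reply" rules quoted in the reply above, as an added example that is not part of the original posts and is not Gauntlet's rule syntax or code. It is a simplified model; the addresses, the port-80 rule, the class and function names and the packet trace are all constructed for illustration.

```python
from collections import namedtuple

# Constructed model and sample traffic; not Gauntlet's rule syntax or code.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE, WEB = "10.0.0.5", "192.0.2.80"   # constructed addresses

def stateless_allow(p):
    """Traditional screening: every packet is judged on its own fields."""
    outbound = p.src == INSIDE and p.dport == 80
    # Replies can only be described as "from port 80 with ACK set".
    inbound = p.dst == INSIDE and p.sport == 80 and "A" in p.flags
    return outbound or inbound

class ForwardWithReply:
    """An outbound SYN creates an entry; inbound packets must match one."""
    def __init__(self):
        self.conns = set()

    def allow(self, p):
        if p.src == INSIDE and p.dport == 80:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":
                self.conns.add(key)
        else:
            key = (p.dst, p.dport, p.src, p.sport)  # reversed tuple for replies
        ok = key in self.conns
        # Simplification: a FIN or RST from either side ends the entry at once.
        if ok and set(p.flags) & {"F", "R"}:
            self.conns.discard(key)
        return ok

TRACE = [  # constructed packet sequence
    Packet(INSIDE, 40000, WEB, 80, "S"),    # client opens a connection
    Packet(WEB, 80, INSIDE, 40000, "SA"),   # expected reply
    Packet(INSIDE, 40000, WEB, 80, "A"),    # handshake completes
    Packet(WEB, 80, INSIDE, 22, "A"),       # inbound, belongs to no connection
    Packet(WEB, 80, INSIDE, 40000, "RA"),   # server resets the connection
    Packet(WEB, 80, INSIDE, 40000, "A"),    # arrives after the entry is gone
]

def run(trace):
    fw = ForwardWithReply()
    return [stateless_allow(p) for p in trace], [fw.allow(p) for p in trace]

if __name__ == "__main__":
    for p, a, b in zip(TRACE, *run(TRACE)):
        print(p, "stateless:", a, "forward-with-reply:", b)
```

The stateless rule passes all six packets because it cannot tell a reply from any other packet with source port 80 and ACK set; the state-tracking rule drops the fourth and sixth.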