Re: [fw-wiz] Firewalls that generate new packets..

---

• From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
• Date: Mon, 26 Nov 2007 00:31:08 -0500

---

Dave Piscitello wrote:

I really would like to see a thorough analysis of the performance of an application layer policy enforcement using strictly stateful inspection techniques versus the same policy enforced using strictly proxy techniques.

It's pointless, Dave. "stateful inspection firewalls" ought to consistently
perform about as fast as routers. Because that's pretty much what they
are. Something that does any layer-7 analysis will always be slower
than something that does nothing more than table lookup and a
sequence number check.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

---

• References:
  • Re: [fw-wiz] Firewalls that generate new packets..
    • From: Paul Melson
  • Re: [fw-wiz] Firewalls that generate new packets..
    • From: Paul D. Robertson
  • Re: [fw-wiz] Firewalls that generate new packets..
    • From: Patrick M. Hausen
  • Re: [fw-wiz] Firewalls that generate new packets..
    • From: Dave Piscitello

• Prev by Date: Re: [fw-wiz] Firewalls that generate new packets..
• Next by Date: Re: [fw-wiz] Firewalls that generate new packets..
• Previous by thread: Re: [fw-wiz] Firewalls that generate new packets..
• Next by thread: Re: [fw-wiz] Firewalls that generate new packets..
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > Firewall-Wizards  > 2007-11