Re: [fw-wiz] Firewall rules order and performance
- From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
- Date: Thu, 30 Jul 2009 03:49:20 -0400
Eric Gearhart wrote:
makes it sound like the term started with "packet filter," then
evolved to stateful packet inspection, then the third generation of
the term evolved into your definition...
Wikipedia has it wrong. First was some packet filtering. Then,
it appears Dave Presotto at Bell Labs started at layer-7 with
circuit relays. Cisco added "established" to IOS - is that
"stateful" or not? Man in the middle layer-7 proxies came next,
then Geoff Mulligan at Sun and Bob Braden at ISI started on
"Sunscreen" and "Visas", respectively. "Stateful packet
inspection" a la Checkpoint didn't enter the scene until
relatively late. Sunscreen was already selling poorly but
in the market, and the proxy firewall vendors - DEC/Altavista,
Raptor, TIS, ANS, Milky Way, and Harris - were selling the hell
out of layer-7 solutions.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Firewall rules order and performance
- From: Pierre Blanchet
- Re: [fw-wiz] Firewall rules order and performance
- From: lordchariot
- Re: [fw-wiz] Firewall rules order and performance
- From: Marcus J. Ranum
- Re: [fw-wiz] Firewall rules order and performance
- From: Jean-Denis Gorin
- Re: [fw-wiz] Firewall rules order and performance
- From: Eric Gearhart
- Re: [fw-wiz] Firewall rules order and performance
- From: Eric Gearhart
- [fw-wiz] Firewall rules order and performance
- Prev by Date: Re: [fw-wiz] Firewall rules order and performance
- Previous by thread: Re: [fw-wiz] Firewall rules order and performance
- Next by thread: Re: [fw-wiz] Firewall rules order and performance
- Index(es):
