What kind of firewall does your organization require: proxy, stateful packet inspection, or a hybrid?
Proxy firewalls filter services at the application level, and in essence, create a virtual connection, hiding the internal client IP address and concealing the network topology of the internal network from the outside world. If a proxy firewall is bundled with an intrusion detection module, it can analyze traffic patterns and often prevent denial of service (DoS) attacks–something not all firewalls can do inherently. Stateful packet inspection firewalls are based on the filtering of packets at the network level–these firewalls examine protocol packet header fields: source IP address, destination IP address, TCP/UDP source ports, and TCP/UDP destination ports. They’re “stateful” because the firewall can remember prior connection states, and continuously updates this information in dynamic connection tables. The firewall evaluates subsequent transactions against prior connection histories. Check Point’s Firewall-1 firewall goes beyond that and also collects application state informatio
