8.2 What is a Firewall?
Firewall, page 256. BAT54-Rail/F.. Release 7.54, 06/08
Let us look once more at the FTP download example. When starting the FTP session, the client establishes a connection from its source port 4321 to destination port 21 of the server. Stateful Inspection permits this initial setup as long as FTP is allowed from local workstations to the outside. The Firewall enters source, destination and the respective ports into the dynamic connection state table. At the same time, Stateful Inspection can inspect the control information sent to port 21 of the server. These control commands indicate that the client requests a connection from port 20 of the server to port 4322 of the client. The Firewall also enters these values into the dynamic table, because the connection into the LAN was initiated by the client. The server can then send the desired data to the client. But if another workstation on the Internet tries to use the just opened port 4322 of the LAN to push data from its own port 20 to the protected client, the Firewall blocks this attempt, because the IP address of the attacker does not match the permitted connection!

Note: After the data transfer has completed, the entries disappear automatically from the dynamic table and the ports are closed again.

Moreover, a Firewall with Stateful Inspection is usually able to re-assemble the received data packets, that is, to buffer the individual fragments and assemble them again into a complete packet. Complete IP packets can therefore be checked by the Firewall, rather than individual fragments only.
Figure: dynamic connection state table with an outgoing connection, a permitted incoming connection and an unauthorized incoming connection (labels in the figure: Source port 20, Dest. port 4322, IP: 80.146.204.15).

Source IP       Dest. IP        Sc. port  Dst. port
10.0.0.1        80.190.240.17   4321      21
80.190.240.17   10.0.0.1        20        4322
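As an added illustration (not from the BAT54-Rail manual), the following Python model replays the example above: a toy dynamic connection state table that records the outgoing control connection, reads the PORT command on the control channel to enter the expected data connection, passes the server's connection, rejects the same ports coming from another source address, and closes the entries afterwards. The StatefulInspection class, the use of the FTP PORT command as the inspected control information and the use of 80.146.204.15 as the other workstation's address are assumptions.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip dst_ip src_port dst_port")  # one table entry

class StatefulInspection:
    def __init__(self, allowed_outbound_ports):
        self.allowed = allowed_outbound_ports  # static rule: LAN -> Internet ports
        self.table = set()                     # the dynamic connection state table

    def outbound(self, flow):
        # A LAN client opens a connection; if the static rule permits it, enter it.
        if flow.dst_port not in self.allowed:
            return False
        self.table.add(flow)
        return True

    def inspect_control(self, ctrl, line):
        # Inspect the FTP control channel (port 21): "PORT h1,h2,h3,h4,p1,p2"
        # announces the client address and port (p1*256+p2) to which the server
        # will connect from its port 20. The client asked for it, so enter it too.
        parts = line[5:].strip().split(",") if line.startswith("PORT ") else []
        if ctrl not in self.table or ctrl.dst_port != 21 or len(parts) != 6:
            return None
        expected = Flow(ctrl.dst_ip, ".".join(parts[:4]), 20,
                        int(parts[4]) * 256 + int(parts[5]))
        self.table.add(expected)
        return expected

    def inbound(self, flow):
        # An incoming packet passes only if all four values match an entry.
        return flow in self.table

    def close(self, *flows):
        # After the transfer the entries disappear and the ports close again.
        self.table.difference_update(flows)

def demo():
    fw = StatefulInspection(allowed_outbound_ports={21})
    client, server = "10.0.0.1", "80.190.240.17"
    other = "80.146.204.15"  # assumed to be the other Internet workstation in the figure
    ctrl = Flow(client, server, 4321, 21)
    fw.outbound(ctrl)
    data = fw.inspect_control(ctrl, "PORT 10,0,0,1,16,226")  # 16*256 + 226 = 4322
    permitted = fw.inbound(Flow(server, client, 20, 4322))    # matches the entry
    blocked = fw.inbound(Flow(other, client, 20, 4322))       # source IP does not fit
    fw.close(data, ctrl)
    after_close = fw.inbound(Flow(server, client, 20, 4322))  # port closed again
    return permitted, blocked, after_close
```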