Stateful vs Stateless Firewalls - You NEED to know the difference

In this video Adrian explains the difference between stateful and stateless firewalls. He covers the REQUEST and RESPONSE parts of a TCP connection as well as ephemeral ports.


All rights reserved © 2022 Adrian Cantrill
Comments

The last two minutes were pure gold.
But to reach it, you have to dig through the first 12 minutes!!

learnwell

I've looked up this stateless vs stateful subject many times before and nowhere has it been explained better than in this video! Brilliant job, thank you!

brynjellis

As a Networks instructor, I see that this video is helpful and professional. 20/20

siraj-

I've been in network security for some time now, and this is one of the best ways I've seen this explained. Great work!

Just-Browsing-

- When you make a connection using TCP each side is sending IP packets to each other. TCP is layer 4 protocol which runs on top of IP and adds error correction and ports.

- Each connection by a user via client to an application on a server consists of two parts - the request (initiation) and the response, which are two parts of the same interaction

- The client picks a temporary (ephemeral) port as its source which has a value between 1024 and 65536. Then the client initiates a connection to the server using a well known destination port 443 - https. Well known ports are associated with popular applications. This is the request part. The client asking for something from the server.

- Next the server responds with some type of data. The server connects to the source IP of the request, which is the client. It connects to the client's port, which is an ephemeral port. This is the response part. It is from the server on that well known port 443 to the client on the ephemeral port chosen by the client

- It is these values that uniquely identify a connection - source IP and source port, and destination IP and destination port.

- Each interaction/connection comprises a request part and a response component. The directionality of the transmission depends on the node's perspective. The direction of a request or response isn't always outbound or inbound. There are outgoing requests, outgoing responses, incoming requests and incoming responses. Some servers can have all, like web servers, where they both initiate and accept connections. For every connection start with the request and the response will be the inverse

- When the client initiates a request, packets are sent to the server with a source IP and source port of the client and destination IP and destination port of the server. This request is an outbound request from the client perspective and an inbound request from the server perspective

- Firewalls require consideration of perspective - directionality when defining rules for connections. The response is always inverse direction to the request - source IP, source port and destination IP and destination port switch.

- Stateless firewalls see the request and response as separate activities. Allowing or denying them is done individually so there are two separate rules required one for the request and another for the response. Therefore more management overhead with more rules required per connection

- The request component is always going to be to a well known port. The response is always going to be from a server to a client going to a random ephemeral port chosen by the client's OS. And because the firewall is stateless it has no way of knowing which specific port the response is destined for. Therefore in the firewall rules traffic in the full range of ephemeral ports must be allowed which isn't ideal for security engineers.

- Stateful firewalls are intelligent enough to identify the response component from its request component. By comparing the ports and IP of the request and response and if they're the same it can link them to each other. Therefore, for a specific request the stateful firewall automatically knows which data is the response and automatically allows it. Therefore only one rule required for stateful firewalls which is for allowing/denying the request and the response is automatically allowed/denied significantly reducing admin overhead. In addition there's no need to allow traffic for the entire ephemeral port range as the firewall knows the specific ephemeral port for the connection

seetsamolapo
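
Added example, not part of the video or of the comment above: a small Python model of the two behaviours those notes describe, evaluated from the client side of the firewall. The addresses, ports and class names are constructed for illustration, and the stateful model tracks only the 4-tuple, not TCP flags or timeouts.

```python
from collections import namedtuple

# Constructed addresses (documentation ranges) and ports; nothing here is from the video.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
CLIENT, SERVER, OTHER = "192.0.2.10", "198.51.100.5", "203.0.113.77"
EPHEMERAL = range(1024, 65536)  # ports 1024..65535


def inverse(p):
    """The response to a request swaps source and destination."""
    return Packet(p.dst_ip, p.dst_port, p.src_ip, p.src_port)


class StatelessFirewall:
    """Judges each packet on its own: one rule per direction."""

    def outbound(self, p):
        return p.dst_port == 443              # rule 1: requests to HTTPS

    def inbound(self, p):
        return p.dst_port in EPHEMERAL        # rule 2: whole ephemeral range


class StatefulFirewall:
    """One outbound rule; responses are matched against tracked connections."""

    def __init__(self):
        self.tracked = set()

    def outbound(self, p):
        if p.dst_port != 443:
            return False
        self.tracked.add(p)                   # remember the 4-tuple
        return True

    def inbound(self, p):
        return inverse(p) in self.tracked     # only the inverse of a known request


def compare():
    request = Packet(CLIENT, 50123, SERVER, 443)
    response = inverse(request)
    unsolicited = Packet(OTHER, 443, CLIENT, 50999)  # no matching request
    results = {}
    for name, fw in (("stateless", StatelessFirewall()), ("stateful", StatefulFirewall())):
        results[name] = (fw.outbound(request), fw.inbound(response), fw.inbound(unsolicited))
    return results


if __name__ == "__main__":
    print(compare())
```

Each tuple is (request allowed, response allowed, unsolicited inbound allowed); the third value is where the two models differ, because the stateless inbound rule has to admit the whole ephemeral range.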

The prehistory you made before explaining actual firewalls is brilliant!
Thanks for the video!

vladislavkaras

Brilliant video, broken down each and every part very detailed and straight to the point.

salkeldeliaoe

Very clear explanation and incredibly helpful. One thing that still confuses me is the ‘overhead’ part which you say is lower on stateful firewalls. Since they record the state of a connection whereas a stateless firewall doesn’t; it’s more intuitive for me to say that a stateless firewall therefore needs less memory and has less overhead as a consequence. But I’m probably mistaking one concept for the other.

Gsfkdhkjhgfs

The explanation was hell stateful, Thanks Bro

mmmm-gsmc

Thanks for the amazing work you're putting in !

TopYoutubeComments

Well articulately explained. Also quickly refreshed some of the Network layer concepts before diving into the topic, this is something I always wanted.

shitshow_

video starts at 8:20 if you already know the basics of what a firewall is.

Work-wjwv

Good slides, good explanations, good video. Thanks for making me smarter.

ischozar

Excellent Explanation, I'm still learning a lot but this is spot on and really breaks it down for me to understand. Thank you.

jonathantx

Best explanation ever. Clarity pro max!

ShrutiSharma-xuqs

Excellent video and explanation. You have cleared up so many topics for me.

chuckbalogh

Literally, brilliant way to teach.
Thanks ❤

Kumararpit

It’d be a crime to follow, like and comment.

Thank you for a Job well done!

kingtop

what a fantastic explanation along with slides. Thank u very much

deepshah

Oh this explanation is excellent and helps a lot

Enzo-spbf