Welcome to IE-LAB!

Generic filters
Generic filters

CCIE /HCIE network engineers must understand the firewall classification

In order to have a certain grasp of firewalls, briefly understand the categories of firewalls and introduce the similarities and differences between the categories. According to the different functions and mechanisms provided by firewalls, they are divided into the following categories:

Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .

1.Circuit-level firewall

This type of firewall is usually used as a relay for TCP connections, intercepting TCP that attempts to connect to the main sentence they protect, and replacing the host to complete the three-way handshake process. After the connection is established, the corresponding traffic is allowed to pass through the firewall and reach the host. Circuit-level firewalls do not audit the data in the data packets and any other information, so they are very fast. This type of firewall actually only guarantees that the TCP handshake has been completed before a connection is allowed.

2. Proxy firewall

The proxy firewall, as the name implies, can respond in place of applications. The proxy server firewall completes its work by inspecting packets at the application layer, intercepting the requests sent by the applications behind them, and performing the requested functions on behalf of the requested applications, and then forwarding the results to the requesting application. In this way, secure access is achieved. But this powerful ability to process packets at higher layers of the protocol stack will slow down the proxy server.

3. Stateless packet filter firewall

A stateless packet filter is a fairly simple device located on the periphery of the network. It allows some packets to pass according to a set of rules, while blocking other packets. This decision is made based on the address information in the network layer protocol (such as IP), but in some cases it is based on the information contained in the transport layer protocol (such as TCP header or UDP header).

Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .

4. Stateful packet filter firewall

Compared with a stateless packet filter firewall, this type of firewall can block almost all traffic, but allows the return traffic of the traffic generated by the device behind the firewall to pass through. This goal is achieved by maintaining a record of connections to the transport layer, which is established by hosts behind the firewall through stateful packet filters. Most firewalls now use this mechanism.

Stateful packet filters are able to track various information grouped by them, which includes

Source/destination TCP and UDP port numbers

TCP serial number

TCP tag

TCP session state based on RFCed TCP state machine

Timer-based UDP traffic tracking

IE-LAB provides valid materials(accurate dumps) to help you pass your CCIE. For the written, we have valid workbooks that cover all real exam questions. You can easily pass the exam, usually 7 days’ preparation in enough. For the Lab exam, we will offer valid workbooks(real exam), rack which is the same as real exam, one to one support, professional tutor and timely update.

This article is exclusively published by James from IELAB.NETWORK and cannot be reproduced without permission.

We have huge promotion going on right now, this is your best chance to get accurate written and lab materials.

Get any two Cisco written dumps for 150USD only.

Deposit 150USD now and enjoy 50% off for CCIE next-level lab.

Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .

Please follow us if you like our articles.

visit us: http://ielab.network

Facebook : https://www.facebook.com/ielab.network/

Linkedin: https://www.linkedin.com/company/ielabnetwork/

WhatsApp: +8617782638871



error: Content is protected !!
× How can I help you?