Firewall Overview
Platform Requirements
License Requirements
Supported Features
Protection against Denial-of-Service Attacks
Types of Denial-of-Service Attacks
Protection against Port Scanning
Application-level Gateway Support
PPTP ALG Support
TFTP ALG Support
Stateful Packet Inspection and Filtering Support
Stateless Packet Inspection and Filtering Support
Host Pool, IMSI Pool, and Port Map Support
Host Pool Support
Flow Recovery Support
SNMP Thresholding Support
Logging Support
How Personal Stateful Firewall Works
Disabling Firewall Policy
Mid-session Firewall Policy Update
Understanding Rules with Stateful Inspection
Connection State and State Table in Personal Stateful Firewall
Transport and Network Protocols and States
TCP Protocol and Connection State
State Flag | Description |
---|---|
TCP (Establishing Connection) | |
CLOSED | A “non-state” that exists before a connection actually begins. |
LISTEN | The state a host is in waiting for a request to start a connection. This is the starting state of a TCP connection. |
SYN-SENT | The time after a host has sent out a SYN packet and is waiting for the proper SYN-ACK reply. |
SYN-RCVD | The state a host is in after receiving a SYN packet and replying with its SYN-ACK reply. |
ESTABLISHED | The state a host is in after its necessary ACK packet has been received. The initiating host goes into this state after receiving a SYN-ACK. |
TCP (Closing Connection) | |
FIN-WAIT-1 | The state a connection is in after it has sent an initial FIN packet asking for a graceful termination of the TCP connection. |
CLOSE-WAIT | The state a host’s connection is in after it receives an initial FIN and sends back an ACK to acknowledge the FIN. |
FIN-WAIT-2 | The connection state of the host that has received the ACK response to its initial FIN, as it waits for a final FIN from its connection peer. |
LAST-ACK | The state of the host that just sent the second FIN needed to gracefully close the TCP connection back to the initiating host while it waits for an acknowledgement. |
TIME-WAIT | The state of the initiating host that received the final FIN and has sent an ACK to close the connection and is waiting for an acknowledgement of ACK from the connection peer. Note that the amount of time the TIME-WAIT state is defined to pause is equal to twice the Maximum Segment Lifetime (MSL), as defined for the TCP implementation. |
CLOSING | A state that is employed when a connection uses the unexpected simultaneous close. |
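
As an added illustration (not code from the original documentation), the following Python sketch tracks both hosts through the states in the table above and flags segments that do not fit the tracked state, which is the basis of stateful inspection. The names `Connection`, `replay` and `SAMPLE_FLOW` are hypothetical; each segment is reduced to one flag label, and sequence numbers, retransmissions and timers are not modeled.

```python
# Added example: simplified TCP state tracking for one flow, as seen by a
# device sitting between the two hosts. Keys are (current state, event);
# "snd"/"rcv" is relative to the host whose state is being updated.
TRANSITIONS = {
    ("CLOSED", "snd:SYN"): "SYN-SENT",
    ("LISTEN", "rcv:SYN"): "SYN-RCVD",          # host answers with SYN-ACK
    ("SYN-SENT", "rcv:SYN-ACK"): "ESTABLISHED",
    ("SYN-RCVD", "rcv:ACK"): "ESTABLISHED",
    ("ESTABLISHED", "snd:FIN"): "FIN-WAIT-1",
    ("ESTABLISHED", "rcv:FIN"): "CLOSE-WAIT",   # host ACKs the FIN
    ("FIN-WAIT-1", "rcv:ACK"): "FIN-WAIT-2",
    ("FIN-WAIT-1", "rcv:FIN"): "CLOSING",       # simultaneous close
    ("CLOSE-WAIT", "snd:FIN"): "LAST-ACK",
    ("FIN-WAIT-2", "rcv:FIN"): "TIME-WAIT",
    ("CLOSING", "rcv:ACK"): "TIME-WAIT",
    ("LAST-ACK", "rcv:ACK"): "CLOSED",
}


class Connection:
    """State-table entry for one flow: the client initiates, the server listens."""

    def __init__(self):
        self.state = {"client": "CLOSED", "server": "LISTEN"}

    def observe(self, sender, flags):
        """Apply one segment; return True if it fits the tracked state."""
        receiver = "server" if sender == "client" else "client"
        fired = False
        for host, event in ((sender, "snd:" + flags), (receiver, "rcv:" + flags)):
            nxt = TRANSITIONS.get((self.state[host], event))
            if nxt:
                self.state[host] = nxt
                fired = True
        # Plain ACK/data segments are only expected on an open connection.
        established = all(s == "ESTABLISHED" for s in self.state.values())
        return fired or (established and flags == "ACK")


def replay(segments):
    """Return (in_state, client_state, server_state) after each segment."""
    conn = Connection()
    return [(conn.observe(s, f), conn.state["client"], conn.state["server"])
            for s, f in segments]


# Constructed sample: three-way handshake followed by a graceful close.
SAMPLE_FLOW = [("client", "SYN"), ("server", "SYN-ACK"), ("client", "ACK"),
               ("client", "FIN"), ("server", "ACK"), ("server", "FIN"),
               ("client", "ACK")]
```

A segment for which `observe` returns `False`, such as an ACK or SYN-ACK arriving with no preceding SYN, matches no state-table entry and is the kind of packet a stateful filter would reject.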
UDP Protocol and Connection State
ICMP Protocol and Connection State
Application-Level Traffic and States
HTTP Application and State
PPTP Application and State
TFTP Application and State
File Transfer Protocol and State