P-660HWP-Dx Support Notes
All contents copyright © 2007 ZyXEL Communications Corporation.
25
communicate with secure systems by mean of a proxy. A key drawback of this
device is performance.
Stateful Inspection Firewalls restrict access by screening data packets against
defined access rules. They make access control decisions based on IP
address and protocol. They also 'inspect' the session data to assure the
integrity of the connection and to adapt to dynamic protocols. The flexible
nature of Stateful Inspection firewalls generally provides the best speed and
transparency, however, they may lack the granular application level access
control or caching that some proxies support.
4.
What kind of firewall is the P-660HWP-Dx?
1. The P-660HWP-Dx's firewall inspects packets contents and IP headers.
It is applicable to all protocols, that understands data in the packet is
intended for other layers, from network layer up to the application layer.
2. The P-660HWP-Dx's firewall performs stateful inspection. It takes into
account the state of connections it handles so that, for example, a
legitimate incoming packet can be matched with the outbound request
for that packet and allowed in. Conversely, an incoming packet
masquerading as a response to a nonexistent outbound request can be
blocked.
3. The P-660HWP-Dx's firewall uses session filtering, i.e., smart rules, that
enhance the filtering process and control the network session rather
than control individual packets in a session.
4. The P-660HWP-Dx's firewall is fast. It uses a hashing function to search
the matched session cache instead of going through every individual
rule for a packet.
5. The P-660HWP-Dx's firewall provides email service to notify you for
routine reports and when alerts occur.
5.
Why do you need a firewall when your router has packet filtering and
NAT built-in?
With the spectacular growth of the Internet and online access, companies that
do business on the Internet face greater security threats. Although packet filter
and NAT restrict access to particular computers and networks, however, for
the other companies this security may be insufficient, because packets filters
typically cannot maintain session state. Thus, for greater security, a firewall is
considered.