Another way to look at Firewalls is by considering how intelligently they handle traffic. Just as no one expects to get top of the line performance from a Yugo, no one should expect to get intelligent data handling from low cost software only or appliance Firewalls.

All Firewalls can block certain types of traffic from entering or exiting a site. For example, FTP is an underlying mechanism that can move information from one machine to another. It is almost universally available on all computers.

From least intelligent to most intelligent, the rules that can be constructed on a firewall may translate into the following:

• Block FTP traffic.
• Block FTP inbound traffic, but allow FTP outbound traffic.
• Block FTP in, allow FTP out, but only for traffic initiated by these specific internal computers.
• Block FTP in, allow FTP out, for specific internal computers to specific external computers.
• Block FTP in, allow FTP out, for specific internal computers to specific external computers, and only for a certain type of FTP traffic.

You get the idea. The more intelligent the firewall, the finer the criteria can be specified to either block or allow communications to occur.

Stateful inspection provides the ability to tie together what would otherwise be unrelated communications to allow the firewall to operate at a higher level than the brute force acceptance or rejection of traffic based on low-level criteria. Many things in life can provide an analogous situation. Just as a car is more than a collection of the raw materials steel, rubber and glass, stateful inspection is more than simply accepting or rejecting traffic. Stateful inspection provides a framework from which to view an Internet conversation between computers and make decisions about that conversation at a higher level.