Stateful vs Stateless Firewalls - You NEED to know the difference

As a Networks instructor, I see that this video is helpful and professional. 20/20

I've looked up this stateless vs stateful subject many times before and nowhere has it been explained better than in this video! Brilliant job, thank you!

Brilliant video, broken down each and every part very detailed and straight to the point.

Thanks for the amazing work you're putting in !

what a fantastic explanation along with slides. Thank u very much

I've been in network security for sometime now, and this is one of the best ways I've seen this explained. Great work!

- When you make a connection using TCP each side is sending IP packets to each other. TCP is layer 4 protocol which runs on top of IP and adds error correction and ports.
- Each connection by a user via client to an application on a server consists of two parts- the request (initiation) and the response which are two parts of the same interaction
- client picks a temporary (ephemeral) port as its source which has a value between 1024 and 65536. Then the client initiates a connection to the server using a well known destination port 443 - https. Well known ports are associated with popular applications. This is the request part. The client asking for something from the server.
- Next the server responds with some type of data. The server connects to the source IPof the request which is the clien. It connects to the client's port which is an ephemeral port. This is the response part. It is from the server on that well known port 443 to the client on the ephemeral port chosen by the client
- It is is this values that uniquely identify a connection - source Ip and source port, and destination IP and destination port.
- Each interaction/connection comprises of a request part and response component. The directionality of the transmission depends on the node's perspective. The direction of a request or response isnt always outbound or inbound. There are outgoing requests, outgoing responses, incoming requests and incoming responses. Some servers can have all, like web servers, where the both initiate and accept connections. For every connection start with the request and the response will be the inverse
- When the client initiates a request, packets are sent to the server with a source IP and source port of the client and destination IP and destination port of the server. This request is an outbound request from the client perspective and an inbound request from the server perspective
- Firewalls require consideration of perspective - directionality when defining rules for connections. The response is always inverse direction to the request - source IP, source port and destination IP and destination port switch.
- Stateless firewalls see the request and response as separate activities. Allowing or denying them is done individually so there are two separate rules required one for the request and another for the response. Therefore more management overhead with more rules required per connection
- The request component is always going to be to a well know port. The response is always going to be from a server to a client going to a random ephemeral port chosen by the client's OS. And because the firewall is stateless it has no way of knowing which specific port the response is destined for. Therefore in the firewall rules traffic in the full range of ephemeral ports must be allowed which isn't ideal for security engineers.
- Stateful firewalls are intelligent enough to identify the response component from it's request component. By comparing the ports and IP of the request and response and if they're the same it can link them to each other. Therefore, for a specific request the stateful firewall automatically knows which data is the response and automatically allows it. Therefore only one rule required for stateful firewalls which is for allowing/denying the request and the response is automatically allowed/denied significantly reducing admin overhead. In addition there's no need to allow traffic for the entire ephemeral port range as the firewall knows the specific ephemeral port for the connection

Best explanation ever. Clarity pro max!

What a great explanation! Great job!!

Excellent video and explanation. You have cleared up so many topics for me.

Well articulately explained. Also quickly refreshed some of the Network layer concepts before diving into the topic, this is something I always wanted.

Oh this explaination is excellent and helps a lot

Excellent Explanation, I'm still learning a lot but this is spot on and really breaks it down for me to understand. Thank you.

Good slides, good explanations, good video. Thanks for making me smarter.

Literally, brilliant way to teach.
Thanks ❤

Great job, very educational!

Fantastic explanation!

well explained..thanks a lot!

Very simple explanation. Thank you!

Very clear explanation and incredibly helpful. One thing that still confuses me is the ‘overhead’ part which you say is lower on stateful firewalls. Since they record the state of a connection whereas a stateless firewall doesn’t; it’s more intuitive for me to say that a stateless firewall therefore needs less memory and has less overhead as a consequence. But I’m probably mistaken one concept for the other.

Great animation and explanation. Thanks!

Amazing explanation. Just amazing

Great Video understandable.You are doing well at teaching

Thanks again for the great video 😀😀😀

Very good explanation

Excellent! Would you be able to point me to the "next video" that helps explain AWS State/Stateless that you mentioned?

This is video is 10/10 🎉🎉 appreciate the effort ❤ U got a new sub

Great video, subscribed and liked. Just curious wouldn't modern systems only use the ranges of 49152 to 65535 as their ephemeral ports?

Excellent, thank you

Wow, super explained recommended

video starts at 8:20 if you already know the basics of what a firewall is.

holy hell!! this ws explained very well. subbed!!

It’d be a crime to follow, like and comment.
Thank you for a Job well done!

one of the best. thanks

great video!

Nice articulated 😊

Very well explained video and excellently well illustrated to boot - I would say one thing and thats the use of the ephemeral port numbers which are the same as the IP of the target which threw me for a second as confusing but maybe might mislead others into thinking the port number somehow defaults to the IP of the target which it wouldnt i suspect? Loved the video as my go to explainer for people and myself when i have to jog the grey matter.

Great video! I am looking to block inbound SMB port 445 across Windows workstations in my environment. If I leave workstations with the ability to make an outbound SMB connection to a printer server and allow the print/file server inbound SMB allow access, will the computers still be able to communicate with the server back and forth (outbound + inbound) even though there is a deny rule on incoming SMB connections? How will the Firewall know which to choose since the rules are almost conflicting, is it going to choose the automatic deny?

Hey There. Im taking your AWS Solutions Architect - Professional course. It has been a great experience. I am stuck on one demo because I need to increase my vCPU limit to create an EC2. Currently my vCPU limit is 8. How do I increase it and how much should i increase it

great, thanks

Satisfactory ❤

super helpful. Thanks for this. What do you use to create these diagrams? If you don't mind sharing.

Super presentation

Thank you

you are the man
baruch hashem

I think AWS security group acts like a Stateful firewall? Am I correct?

Thanks

Legend!

❤❤❤

Then why would people opt to use stateless firewalls instead of stateful firewalls?

waiting for layer 6 and 7

Nobody does it better...

good video, but to put it clearer , if the packet go to the router, INBOUND, if they leave OUTBOUND. it is the perspective of the router.

WTF 😳 my brain exploded , couldn’t understand anything. Pls simplify next time.