Hi, Reading through the discussions in the past, I have following questions 1)How are Stateful packet filters that do include randomized sequence numbers in the table different from the full blown stateful inspection firewalls. 2)Where does content filtering come into the picture? Is it checking the payload or checking the formating of the protocol? I heard PIX allowed telnet traffic pass through port 80 disguised as http because it did not check the protocol structure. Chkpt blocked it though. 3)What does it mean when we say that XYZ protocols are supported? Does it mean that for those protocols firewalls does application level inspection(like proxy) and has the intelligence to understand different sessions associated with it. 4) So then is it not like adaptive-proxy mechanism of gauntlent which jumps to application level only when needed. CheckPoint if is truly stateful, does it do all seven layers of inspection for all the traffic? I may be alluding to more that one issues here. your comments would greatly help me sort these. TIA, Renu __________________________________________________ Do You Yahoo!? Kick off your party with Yahoo! Invites. http://invites.yahoo.com/ - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
