{"id":34020,"date":"2024-02-14T19:00:54","date_gmt":"2024-02-14T19:00:54","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=34020"},"modified":"2024-02-23T15:49:40","modified_gmt":"2024-02-23T15:49:40","slug":"what-is-stateful-inspection","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/","title":{"rendered":"What Is Stateful Inspection in Network Security? Ultimate Guide"},"content":{"rendered":"\n<p>Stateful inspection is a firewall feature that filters data packets based on the context of previous data packets. This important feature uses header information from established communication connections to improve overall security. An understanding of how stateful inspection works, the key pros and cons, and its use cases provides important insight into how stateful inspection can be used successfully in a security stack.<\/p>\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6ff38b3ea2\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6ff38b3ea2\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#How-Does-Stateful-Inspection-Work\" title=\"How Does Stateful Inspection Work?\">How Does Stateful Inspection Work?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#Use-Cases-for-Stateful-Inspection\" title=\"Use Cases for Stateful Inspection\">Use Cases for Stateful Inspection<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#5-Advantages-of-Stateful-Inspection\" title=\"5 Advantages of Stateful Inspection\">5 Advantages of Stateful Inspection<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#5-Disadvantages-of-Stateful-Inspection\" title=\"5 Disadvantages of Stateful Inspection\">5 Disadvantages of Stateful Inspection<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#Stateful-Inspection-vs-Other-Firewall-Features\" title=\"Stateful Inspection vs Other Firewall Features\">Stateful Inspection vs Other Firewall Features<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#Bottom-Line-Stateful-Inspection-Begins-Communication-Protection-Processes\" title=\"Bottom Line: Stateful Inspection Begins Communication Protection Processes\">Bottom Line: Stateful Inspection Begins Communication Protection Processes<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"How-Does-Stateful-Inspection-Work\"><\/span>How Does Stateful Inspection Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Stateful inspection reads and stores header information from established communication protocols. The stored information informs the state or condition of communication at any given time. The packet context based on the communication history and the stored state information then provides the circumstances and conditions to use more complex <a href=\"https:\/\/www.esecurityplanet.com\/networks\/firewall-rules\/\">firewall filtering rules<\/a> to validate legitimate packets and block attacks attempting to corrupt protocols.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Packet State<\/h3>\n\n\n\n<p>A packet state indicates the current status of a communication connection. Each time two computers begin communicating, they exchange information to establish the connection and subsequently the header of each data packet contains information about the specific connection.<\/p>\n\n\n\n<p>Stateful inspection primarily operates on the transport control protocol (TCP) used in critical and fundamental protocols such as file transfer protocol (FTP) and secure web browsing (HTTPS). The TCP state changes for each stage of communication by using synchronization (SYN), acknowledgement (ACK), finish (FIN), and data packets between the initiating device and the second device receiving the communication, as outlined in the table below:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Initiating Device State<\/th><th>Second Device State<\/th><th>Packet&nbsp;<\/th><th>Purpose &amp; Effect<\/th><\/tr><\/thead><tbody><tr><td>Closed<\/td><td>Listen<\/td><td>&lt;no packet&gt;<\/td><td>Initial state status<\/td><\/tr><tr><td>Syn_Sent<\/td><td>Listen<\/td><td>SYN<\/td><td>Initiating device sends a SYN request to initiate communication<\/td><\/tr><tr><td>Syn_Sent<\/td><td>Syn_Recd<\/td><td>SYN+ACK<\/td><td>The second device sends a SYN and an ACK response to establish communication&nbsp;<\/td><\/tr><tr><td>Established<\/td><td>Syn_Recd<\/td><td>ACK<\/td><td>Initiating device sends an ACK response to confirm communication<\/td><\/tr><tr><td>Established<\/td><td>Established<\/td><td>&lt;no packet&gt;<\/td><td>Second device receives initial ACK<\/td><\/tr><tr><td>Established<\/td><td>Established<\/td><td>&lt;data packet with first sequence number&gt;&nbsp;<\/td><td>Initiating device sends first data<\/td><\/tr><tr><td>Established<\/td><td>Established<\/td><td>ACK (with first sequence number)<\/td><td>Second device sends ACK to confirm receipt of the first data packet&nbsp;<\/td><\/tr><tr><td>Established<\/td><td>Established<\/td><td>&lt;data packets increment sequence number as needed&gt; &amp; ACK responses<\/td><td>Both devices can now send data with incrementing sequence numbers, each confirmed by an ACK response&nbsp;<\/td><\/tr><tr><td>FinWait_1<\/td><td>Established<\/td><td>FIN<\/td><td>Initiating device attempts to end communication with a FIN packet<\/td><\/tr><tr><td>FinWait_1<\/td><td>CloseWait<\/td><td>ACK<\/td><td>Second device acknowledges FIN request<\/td><\/tr><tr><td>FinWait_2<\/td><td>Last_ACK<\/td><td>FIN<\/td><td>Second device also sends a FIN request to end communication<\/td><\/tr><tr><td>TimeWait or Closed<\/td><td>Last_ACK<\/td><td>ACK<\/td><td>Initiating device sends final FIN request acknowledgement&nbsp;<\/td><\/tr><tr><td>TimeWait or Closed<\/td><td>Closed or Listen<\/td><td>&lt;no packet&gt;<\/td><td>Both devices end communication&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Packet Context<\/h3>\n\n\n\n<p>Packet context compares the information in each data packet header against the communication state based upon IP address, sequence code, port number request, and protocol. The stateful inspection allows expected packets and blocks unexpected packets that conflict with the communication state.<\/p>\n\n\n\n<p>For example, a firewall performing stateful inspection may be tracking an active FTP transfer with the FTP server and show a network laptop in a Listen or Closed status. The firewall allows ACK or FIN packets sent to the active FTP connection (with the correct IP sender and receiver, protocol, port, and sequence number) but won\u2019t expect and therefore drops any ACK or FIN packet sent to the laptop.<\/p>\n\n\n\n<p>Stateless protocols (UDP, HTTP, etc.) don\u2019t use sequences or acknowledgements, but the firewall or other device performing stateful inspection can still store information regarding ports, device profiles, and sending or receiving IP addresses. This pseudo-stateful condition lacks the same security detail, yet still provides effective defense against some attacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">What Stateful Inspection Defends Against<\/h3>\n\n\n\n<p>Stateful inspection protects network assets against attacks that attempt to corrupt or abuse processes such as TCP or Domain Name Service (DNS) that don\u2019t check context when they receive data packet instructions. The state and context information saved by the firewall or other device performing stateful inspection provides the context used to block <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-prevent-dns-attacks\/\">DNS spoofing<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-ddos-attacks\/\">distributed denial of service (DDoS) attacks<\/a>.<\/p>\n\n\n\n<p>For example, DNS stores the IP addresses associated with URLs such as eSecurityPlanet.com, but attackers understand many DNS implementations fail to check for valid requests. Attackers send unsolicited answers (DNS spoofing) with incorrect information such as an unsolicited response with the IP address for URHacked.ru instead of eSecurityPlanet.com. Stateful inspection would block these unsolicited attempts that don\u2019t match open DNS inquiries.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"897\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-1024x897.png\" alt=\"How Stateful Inspection Blocks Basic DNS Spoofing Attacks\" class=\"wp-image-34168\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-1024x897.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-300x263.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-768x672.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-1536x1345.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsStatefulInspectioninNetworkSecurity_2024_DA_rnd2-2048x1793.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Use-Cases-for-Stateful-Inspection\"><\/span>Use Cases for Stateful Inspection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Check Point Technologies developed stateful inspection to advance <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-firewalls\/\">network firewalls<\/a> and provide more sophisticated defense against common attacks. However, some <a href=\"https:\/\/www.esecurityplanet.com\/networks\/host-based-firewall\/\">host-based firewalls<\/a>, gateways, and specialized equipment also incorporate stateful inspection for specific security use cases to hide high-value assets or block DDoS attacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Network Security<\/h3>\n\n\n\n<p>Stateful inspection improves general <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/what-is-cloud-security\/\">cloud security<\/a> for all assets screened by the feature. Previously, rules could only view each packet individually and apply static rules. Adding the state and context for each communication channel creates opportunities to apply dynamic rules that detect and block unsolicited, anomalous, and some types of malicious communication.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Discovery Prevention<\/h3>\n\n\n\n<p>Firewalls can establish rules to block any communication originating outside of a network segment or a cloud environment unless it comes from specifically allowed devices (aka allowlist or whitelist). The stateful inspection drops an attacker\u2019s attempts to learn about high-value assets, such as database servers, using common network exploration tools such as ping or <a href=\"https:\/\/www.esecurityplanet.com\/products\/nmap\/\">Nmap<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Server DDoS Protection<\/h3>\n\n\n\n<p>A common DDoS attack uses spoofed TCP packets to overwhelm a server. TCP lacks stateful checks so a DDoS attacker might send a large number of unsolicited SYN-ACK responses and a server would tie up resources attempting to match the packets to open communication. A stateful packet inspection tracks open communication and quickly drops the packets from this and many other similar types of attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"5-Advantages-of-Stateful-Inspection\"><\/span>5 Advantages of Stateful Inspection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Stateful inspection provides five distinct security improvements for all <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\">types of firewalls<\/a> based upon the applied context of communication history:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Advanced rules:<\/strong> Enables more detailed rules that incorporate identity, connection state, and application into consideration to allow or deny the communication data packet.<\/li>\n\n\n\n<li><strong>Dynamic inspection:<\/strong> Adapts policies to the context of each communication session based on previous packet analysis and recorded experiences with the IP address.<\/li>\n\n\n\n<li><strong>Enhanced protection:<\/strong> Catches more DDoS, <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-prevent-dns-attacks\/\">Domain Name Service (DNS) spoofing<\/a>, and similar types of attacks that attempt to fool vulnerable processes.<\/li>\n\n\n\n<li><strong>Improved flexibility:<\/strong> Applies advanced rules and dynamic inspections to enable a robust decision making process that can quickly adjust to block perceived threats.<\/li>\n\n\n\n<li><strong>Robust logging:<\/strong> Provides more detailed context and packet information in the produced log records to improve incident response, threat analysis, and forensic investigation.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"5-Disadvantages-of-Stateful-Inspection\"><\/span>5 Disadvantages of Stateful Inspection<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Although stateful inspection provides many advantages, the feature can\u2019t provide foolproof security due to its weaknesses:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Communication breakdown:<\/strong> Introduces errors for certain categories of communication such as asymmetric routing that uses different paths or slow connections.<\/li>\n\n\n\n<li><strong>Increased complexity:<\/strong> Requires more complex rules to flexibly handle multiple conditions and combinations, which can leave security gaps or cause rule conflicts.<\/li>\n\n\n\n<li><strong>Resource intensiveness:<\/strong> Needs more resources to store states on past and continuing communication connections as well as to continue to perform analysis and apply rules.<\/li>\n\n\n\n<li><strong>Security vulnerabilities:<\/strong> Remains weak to various spoofing attacks, can\u2019t recognize application attacks, and doesn\u2019t inspect packet contents for potential malware.<\/li>\n\n\n\n<li><strong>Slowed traffic:<\/strong> Takes more time to store state information and perform packet filtering compared to the simple rule processing of stateless packet inspection.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Stateful-Inspection-vs-Other-Firewall-Features\"><\/span>Stateful Inspection vs Other Firewall Features<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Stateful inspection provides a powerful tool implemented in most firewalls, but most admins will combine stateful inspection with other firewall capabilities to maximize both security and operations benefits. Here\u2019s a brief comparison against other firewall features that provide different capabilities:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Stateful vs Stateless Inspection<\/h3>\n\n\n\n<p>All packet inspections fall into either stateful or stateless inspection. Stateful packet inspection retains information regarding established connections to greatly improve security but also requires more resources and processing power. Use stateless packet filtering features or firewalls to rapidly drop packets based on simple rules to reduce the traffic subjected to the more complex stateful analysis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Stateful vs Deep Packet Inspection<\/h3>\n\n\n\n<p>Stateful inspections examine the communication information contained in data headers to quickly drop easily detected malicious packets. Add deep packet inspection features to <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\">next-generation firewalls<\/a> to examine the data contents of the remaining packets and provide additional protection such as blocking malware deliveries within established HTTPS connections.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Stateful vs Proxy Filtering<\/h3>\n\n\n\n<p>Stateful inspections examine, but don\u2019t alter, communication connections between two devices, which enables external attackers to probe the network. Establish additional proxy capabilities used in circuit level gateways or application layer gateways to establish separate connections between the firewall and each device. This additional filtering blocks asset discovery and enables additional opportunities to detect malicious intent without slow deep packet inspection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Stateful-Inspection-Begins-Communication-Protection-Processes\"><\/span>Bottom Line: Stateful Inspection Begins Communication Protection Processes<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Stateful inspection significantly improves security protection for network communication but can\u2019t provide protection against all attacks. Even when combined with other strong features such as packet filtering, or deep packet inspection, firewalls only provide an initial layer of defense that requires other layers of defense to adequately reduce attack risk.<\/p>\n\n\n\n<p><strong>To strengthen security, learn more about other network security solutions such as <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">intrusion detection and prevention systems<\/a> (IDPS) that monitor and detect potential attacks within network communication traffic.<\/strong><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6ff38b0dcc-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6ff38b0dcc\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6ff38b0dcc\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6ff38b0dcc\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6ff38b0dcc\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6ff38b0dcc\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6ff38b0dcc\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.<\/p>\n","protected":false},"author":271,"featured_media":34021,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[2369,3790,8584,32035,3414,32038],"b2b_audience":[],"b2b_industry":[],"b2b_product":[395],"class_list":["post-34020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-cloud-security","tag-cybersecurity","tag-firewall","tag-firewall-feature","tag-network-security","tag-packet-inspection","b2b_product-firewalls-and-intrusion-prevention-and-detection"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is Stateful Inspection in Network Security? Ultimate Guide<\/title>\n<meta name=\"description\" content=\"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is Stateful Inspection in Network Security? Ultimate Guide\" \/>\n<meta property=\"og:description\" content=\"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-14T19:00:54+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-23T15:49:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"What Is Stateful Inspection in Network Security? Ultimate Guide\",\"datePublished\":\"2024-02-14T19:00:54+00:00\",\"dateModified\":\"2024-02-23T15:49:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\"},\"wordCount\":1560,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png\",\"keywords\":[\"cloud security\",\"cybersecurity\",\"firewall\",\"firewall feature\",\"network security\",\"packet inspection\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\",\"name\":\"What Is Stateful Inspection in Network Security? Ultimate Guide\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png\",\"datePublished\":\"2024-02-14T19:00:54+00:00\",\"dateModified\":\"2024-02-23T15:49:40+00:00\",\"description\":\"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: Sk\u00f3rzewiak\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is Stateful Inspection in Network Security? Ultimate Guide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is Stateful Inspection in Network Security? Ultimate Guide","description":"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/","og_locale":"en_US","og_type":"article","og_title":"What Is Stateful Inspection in Network Security? Ultimate Guide","og_description":"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/","og_site_name":"eSecurity Planet","article_published_time":"2024-02-14T19:00:54+00:00","article_modified_time":"2024-02-23T15:49:40+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"What Is Stateful Inspection in Network Security? Ultimate Guide","datePublished":"2024-02-14T19:00:54+00:00","dateModified":"2024-02-23T15:49:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/"},"wordCount":1560,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png","keywords":["cloud security","cybersecurity","firewall","firewall feature","network security","packet inspection"],"articleSection":["Networks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/","url":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/","name":"What Is Stateful Inspection in Network Security? Ultimate Guide","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png","datePublished":"2024-02-14T19:00:54+00:00","dateModified":"2024-02-23T15:49:40+00:00","description":"Stateful inspection is a core feature of most firewalls. Discover what stateful inspection is in network security now.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240214-what-is-stateful-inspection.png","width":1400,"height":900,"caption":"Image: Sk\u00f3rzewiak\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-stateful-inspection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"What Is Stateful Inspection in Network Security? Ultimate Guide"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34020"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=34020"}],"version-history":[{"count":4,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34020\/revisions"}],"predecessor-version":[{"id":34170,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/34020\/revisions\/34170"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/34021"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=34020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=34020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=34020"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=34020"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=34020"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=34020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}