|
Firewall Wizards
mailing list archives
Re: Firewall rules order and performance
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 30 Jul 2009 03:49:20 -0400
Eric Gearhart wrote:
makes it sound like the term started with "packet filter," then
evolved to stateful packet inspection, then the third generation of
the term evolved into your definition...
Wikipedia has it wrong. First was some packet filtering. Then,
it appears Dave Presotto at Bell Labs started at layer-7 with
circuit relays. Cisco added "established" to IOS - is that
"stateful" or not? Man in the middle layer-7 proxies came next,
then Geoff Mulligan at Sun and Bob Braden at ISI started on
"Sunscreen" and "Visas", respectively. "Stateful packet
inspection" a la Checkpoint didn't enter the scene until
relatively late. Sunscreen was already selling poorly but
in the market, and the proxy firewall vendors - DEC/Altavista,
Raptor, TIS, ANS, Milky Way, and Harris - were selling the hell
out of layer-7 solutions.
mjr.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Re: Firewall rules order and performance, (continued)
Re: Firewall rules order and performance Marcus J. Ranum (Jul 21)
|
Intro
