https://community.cisco.com/t5/network-security/differences-between-stateful-and-stateless-firewall/m-p/2915434#M171806 <P>Hi Yasir,</P> <P></P> <P><SPAN>Stateless firewalls (eg <G class="gr_ gr_309 gr-alert gr_gramm undefined Grammar multiReplace" id="309" data-gr-id="309">a l3</G> router )handle network <G class="gr_ gr_7 gr-alert gr_gramm gr_disable_anim_appear undefined Punctuation only-del replaceWithoutSep" id="7" data-gr-id="7">traffic,</G> and restrict or block packets based on source and destination addresses or other static values. They are not ‘aware’ of traffic patterns or data flows.</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Stateful firewalls (eg ASA) maintains the state of the connection and 5 tuples for a particular flow: such as</SPAN></P> <P><SPAN></SPAN></P> <UL class="unIndentedList"> <LI>Source IP address</LI> <LI>Source port (typically: any)</LI> <LI>Destination IP address</LI> <LI>Destination port (80 or 443)</LI> <LI>Destination protocol (typically TCP)</LI> </UL> <P><SPAN></SPAN></P> <P><SPAN>If you want the device to be acting as a true firewall then stateful is any day better as it tracks the connection till layer 4 but it comes with an overhead as compared to stateless FW.</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Regards,</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Aditya</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>please rate helpful posts.</SPAN></P> <P><SPAN> </SPAN></P> Sat, 12 Mar 2016 06:59:36 GMT Aditya Ganjoo 2016-03-12T06:59:36Z https://community.cisco.com/t5/network-security/differences-between-stateful-and-stateless-firewall/m-p/2915433#M171803 <P>Differences between Stateful and stateless firewall..? which method is bettre and why..??</P> <P></P> Tue, 12 Mar 2019 07:28:33 GMT https://community.cisco.com/t5/network-security/differences-between-stateful-and-stateless-firewall/m-p/2915433#M171803 yasir shaikh 2019-03-12T07:28:33Z https://community.cisco.com/t5/network-security/differences-between-stateful-and-stateless-firewall/m-p/2915434#M171806 <P>Hi Yasir,</P> <P></P> <P><SPAN>Stateless firewalls (eg <G class="gr_ gr_309 gr-alert gr_gramm undefined Grammar multiReplace" id="309" data-gr-id="309">a l3</G> router )handle network <G class="gr_ gr_7 gr-alert gr_gramm gr_disable_anim_appear undefined Punctuation only-del replaceWithoutSep" id="7" data-gr-id="7">traffic,</G> and restrict or block packets based on source and destination addresses or other static values. They are not ‘aware’ of traffic patterns or data flows.</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Stateful firewalls (eg ASA) maintains the state of the connection and 5 tuples for a particular flow: such as</SPAN></P> <P><SPAN></SPAN></P> <UL class="unIndentedList"> <LI>Source IP address</LI> <LI>Source port (typically: any)</LI> <LI>Destination IP address</LI> <LI>Destination port (80 or 443)</LI> <LI>Destination protocol (typically TCP)</LI> </UL> <P><SPAN></SPAN></P> <P><SPAN>If you want the device to be acting as a true firewall then stateful is any day better as it tracks the connection till layer 4 but it comes with an overhead as compared to stateless FW.</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Regards,</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Aditya</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>please rate helpful posts.</SPAN></P> <P><SPAN> </SPAN></P> Sat, 12 Mar 2016 06:59:36 GMT https://community.cisco.com/t5/network-security/differences-between-stateful-and-stateless-firewall/m-p/2915434#M171806 Aditya Ganjoo 2016-03-12T06:59:36Z