Hi all, when people say firewalls can check down to the application level, does this mean by port number or by type of application? I thought port numbers are generally related to an application, in which case won't an access list do the same job?
An application layer firewall will usually look much deeper into the packet than a simple access list will. For example, a properly configured application layer firewall may filter out traffic masquerading as legitimate traffic by use of a well-known port. Back channel traffic can essentially be 'tunneled' over port 80 if your access list allows it. I can set up ssh to use port 80 to connect if the server is set up for it. A good application firewall should detect that ssh is not a valid application for port 80 and drop it.
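To make the difference concrete, here is an added example (not code from the thread) that contrasts a port-only access list with a minimal application-aware check: it looks at the first bytes of a TCP stream to identify the protocol and drops flows whose protocol does not match what the destination port is supposed to carry. The flows, port policy and function names are all constructed for illustration; a real application-layer firewall classifies far more traffic than these three banner patterns.

```python
import re

# Constructed sample flows: (destination port, first payload bytes sent by the client).
SAMPLE_FLOWS = {
    "web_request":   (80,  b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "ssh_on_80":     (80,  b"SSH-2.0-OpenSSH_9.6\r\n"),   # ssh tunneled over the web port
    "ssh_on_22":     (22,  b"SSH-2.0-OpenSSH_9.6\r\n"),
    "tls_on_443":    (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00"),
    "unknown_on_80": (80,  b"\x00\x00\x00\x1cXYZ"),
}

# What a plain access list sees: only the port number.
ALLOWED_PORTS = {80, 443}

# What an application-layer firewall additionally knows: which application each port should carry.
PORT_POLICY = {80: "http", 443: "tls", 22: "ssh"}

# HTTP request line, e.g. "GET /path HTTP/1.1\r\n".
HTTP_REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify_payload(payload: bytes) -> str:
    """Identify the application protocol from the opening bytes of a TCP stream."""
    if payload.startswith(b"SSH-"):          # SSH version exchange banner
        return "ssh"
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    # TLS record header: content type 0x16 (handshake), legacy version 0x0301
    if payload[:3] == b"\x16\x03\x01":
        return "tls"
    return "unknown"


def acl_decision(dst_port: int) -> str:
    """Port-based access list: permits anything on an allowed port, whatever it carries."""
    return "permit" if dst_port in ALLOWED_PORTS else "deny"


def app_firewall_decision(dst_port: int, payload: bytes) -> str:
    """Application-aware check: the port must be allowed AND carry the expected protocol."""
    if dst_port not in ALLOWED_PORTS:
        return "deny"
    observed = classify_payload(payload)
    expected = PORT_POLICY.get(dst_port)
    if observed != expected:
        # Flag the mismatch so the drop is explainable in logs.
        return f"drop:{observed}-on-{dst_port}"
    return "permit"
```

Compare the two decisions for the `ssh_on_80` flow: the access list permits it because port 80 is open, while the application-aware check drops it because the payload is an SSH banner, not HTTP.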