So, before we continue our discussion about PSS, let's talk about a firewall versus a router. Every firewall is a router, but not every router is a firewall. Let's say, for instance, you have four networks: network A, B, C and D.

Now, let's say data is coming in on network D. A router's job is to decide which network, which port, or which interface that data should go out of. And it does that by doing a lookup on what's called its routing table. So, the router keeps a list of the networks: it keeps a list of which network goes out of which network card, or which network interface.

So, data comes in on network D, the router consults its routing table, makes a routing decision, and sends it out the right port. Let's say that's network C. Data comes in, lookup, out network C. Or data comes in on network B, it does a lookup, out network A.

A firewall does something similar. But when data comes in, it doesn't just consult its routing table, it also checks its state table, which tracks the state of each connection. So, the firewall would ask, "Is this a new connection? Is this an existing connection? If it is an existing connection, is the connection too old?" So, the firewall has another layer of checking before it makes a routing decision.

So, let’s say this is the internet up here. Data comes in from the internet. On most firewalls, this would be automatically blocked, and the packet would be rejected or dropped.

Let's say the connection starts on the inside, going out. For most basic firewalls, that data is allowed in: the firewall checks the state table, then the routing table, and sends it out.

So, a firewall does one extra check. It checks the routing table, but first it checks the state table to see the state of the connection.
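To make that extra check concrete, here is an added toy model (example code, not from the transcript): a plain router does only a routing table lookup, while the stateful firewall checks its state table first, lets new connections start only from the inside, expires entries that are too old, and only then makes the routing decision. The prefixes, interface names and idle timeout are constructed for the example.

```python
import ipaddress

# Constructed routing table: prefix -> outgoing interface. 0.0.0.0/0 is the default route to the internet.
ROUTING_TABLE = {
    ipaddress.ip_network("10.0.0.0/24"): "A",
    ipaddress.ip_network("10.0.1.0/24"): "B",
    ipaddress.ip_network("10.0.2.0/24"): "C",
    ipaddress.ip_network("10.0.3.0/24"): "D",
    ipaddress.ip_network("0.0.0.0/0"): "internet",
}
INSIDE = {"A", "B", "C", "D"}   # trusted interfaces; "internet" is untrusted
IDLE_TIMEOUT = 300              # seconds after which an entry counts as "too old" (assumed value)


def route(dst):
    """What a plain router does: routing table lookup, longest matching prefix wins."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n in ROUTING_TABLE if addr in n), key=lambda n: n.prefixlen)
    return ROUTING_TABLE[best]


class StatefulFirewall:
    def __init__(self):
        self.state = {}   # (src, sport, dst, dport) -> timestamp of last packet seen

    def forward(self, src, sport, dst, dport, in_if, now):
        """Return ('ALLOW', out_if) or ('DROP', reason) for one packet."""
        key = (src, sport, dst, dport)
        reverse = (dst, dport, src, sport)
        # 1. State table check: do we already know this connection (either direction)?
        for k in (key, reverse):
            last = self.state.get(k)
            if last is None:
                continue
            if now - last > IDLE_TIMEOUT:       # existing, but too old: expire it
                del self.state[k]
                continue
            self.state[k] = now                 # refresh and treat as established
            return ("ALLOW", route(dst))
        # 2. Not in the state table, so it is a new connection: only the inside may start one.
        if in_if not in INSIDE:
            return ("DROP", "new connection from untrusted interface")
        self.state[key] = now
        # 3. Only now the routing decision, exactly as the router would make it.
        return ("ALLOW", route(dst))


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(fw.forward("10.0.0.5", 40000, "203.0.113.9", 443, "A", now=0))       # inside out: allowed
    print(fw.forward("203.0.113.9", 443, "10.0.0.5", 40000, "internet", now=1))  # reply: in state table
    print(fw.forward("198.51.100.7", 5555, "10.0.2.10", 22, "internet", now=2))  # unsolicited: dropped
```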

