Stateful Dynamic Packet Filtering

Packet filtering refers to a firewall's ability to examine IP packet headers to determine a source packet's origination or destination addresses and the network transport service used. Traditional packet filters are static and use rule sets to allow or deny packets based solely on header content. Stateful dynamic packet filtering goes beyond basic filtering technology: rules can be built dynamically depending on the conditions of the connection itself.

Dynamic rules support a highly sophisticated level of packet filtering. The WatchGuard® two-way packet filtering engine is one of the core features of the system. WatchGuard's stateful dynamic packet filtering provides an extremely powerful foundation for departmental or single-system firewalls aimed at safeguarding or restricting internal user access to critical systems. The base engine uses a pseudo-interpreter with a C-style scripting language that handles more complex functions as built-in keywords.