https://www.fortinet.com/resources/cyberglossary/stateful-vs-stateless-firewall

A firewall is an access control technology that secures a network by only allowing certain types of traffic to pass through it. The internet is filled with cyber threats and can only be safely accessed if certain types of data are kept out. Otherwise, malware could get into your network and then spread to the various devices connected to it.

Firewalls accomplish this control by inspecting data packets, which are basically collections of data that include instructions on how to handle the data as it travels to its destination. The data within the packets can be inspected by the firewall to see if it contains threats. Part of this process involves checking how the data should connect to and move through the network.

Whether it is how the data behaves or something within the data itself, a firewall can examine each packet and decide whether or not it poses a threat. Data being used by a malicious entity, once identified by the firewall, can be discarded, thus protecting the network.

There are several different kinds of firewalls. The organization’s firewall has to be chosen according to what works best for the company’s objectives. One type is a network firewall, which runs on network hardware. Another type is host-based, which runs on a host computer and filters network traffic from within that computing environment.

There are also next-generation firewalls (NGFWs) that empower you to inspect both data and applications, as well as incorporate intrusion prevention and web filtering during the inspection process.

A stateful firewall inspects everything inside data packets, the characteristics of the data, and its channels of communication. Stateful firewalls examine the behavior of data packets, and if anything seems off, they can filter out the suspicious data. Also, a stateful firewall can track how the data behaves, cataloging patterns of behavior.

If a data packet examination reveals suspicious behavior—even if that kind of behavior has not been manually inputted by an administrator—the firewall can recognize it and address the threat. A stateful firewall can be used at the edge of a network or within, as is the case with an internal segmentation firewall (ISFW), which protects specific segments of the network in the event malicious code gets inside.

Stateless firewalls make use of a data packet's source, destination, and other parameters to figure out whether the data presents a threat. These parameters have to be entered by either an administrator or the manufacturer via rules they set beforehand.

If a data packet goes outside the parameters of what is considered acceptable, the stateless firewall protocol will identify the threat and then restrict or block the data housing it.


Stateless firewalls make use of information regarding where a data packet is headed, where it came from, and other parameters to figure out whether the data presents a threat. These parameters have to be entered by either an administrator or the manufacturer via rules they set beforehand.

If a data packet goes outside the parameters of what is considered acceptable, the stateless firewall can identify the threat and then restrict or block the data housing it.

  1. Stateful firewalls can detect when illicit data is being used to infiltrate the network.
  2. A stateful inspection firewall also has the ability to log and store important aspects of network connections.
  3. Stateful firewalls have no need for many ports to be open to facilitate smooth communication.
  4. A stateful network firewall can log the behavior of attacks and then use that information to better prevent future attempts. This is one of the biggest advantages of stateful vs. stateless. Example applications include being able to automatically deter a specific cyber attack in the future once the firewall has encountered it, without the need for updates.
  5. A stateful firewall learns as it operates, which enables it to make protection decisions based on what has happened in the past. This makes it a potentially powerful unified threat management (UTM) firewall solution, which is a single device that performs several security functions.
  6. Unless a stateful firewall has the latest software updates, vulnerabilities can allow it to be compromised by a hacker and then controlled.
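
The contrast described above, between a stateless filter that matches each packet against preset source and destination rules and a stateful firewall that needs fewer open ports, shown as an added Python sketch that is not part of the original page. The addresses, ports, rule set and the names `stateless_allow`, `StatefulFirewall` and `compare` are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/24")   # constructed internal range
Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: TCP flags

def inside(ip):
    return ip_address(ip) in INSIDE

def stateless_allow(p):
    """Judge each packet alone against rules set beforehand."""
    if inside(p.src):
        return p.dport == 443        # rule 1: outbound HTTPS only
    # rule 2: replies cannot be told apart from new traffic, so every
    # high port stays open to anything with source port 443
    return inside(p.dst) and p.sport == 443 and p.dport >= 1024

class StatefulFirewall:
    """Remember connections opened from inside; inbound must match one.
    Simplified: no timeouts, no sequence checks, RST ends the entry."""
    def __init__(self):
        self.conns = set()
    def allow(self, p):
        if inside(p.src):
            if p.dport == 443 and p.flags == "S":
                self.conns.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.conns
        key = (p.dst, p.dport, p.src, p.sport)   # reply reverses the tuple
        if key not in self.conns:
            return False
        if "R" in p.flags:
            self.conns.discard(key)
        return True

# Constructed traffic using documentation address ranges
TRAFFIC = [
    ("client SYN",     Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S")),
    ("server SYN-ACK", Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA")),
    ("unsolicited",    Packet("198.51.100.7", 443, "10.0.0.9", 5000, "A")),
    ("server RST",     Packet("203.0.113.10", 443, "10.0.0.5", 50000, "R")),
    ("after RST",      Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A")),
]

def compare(traffic=TRAFFIC):
    fw = StatefulFirewall()
    return [(name, stateless_allow(p), fw.allow(p)) for name, p in traffic]

if __name__ == "__main__":
    print(*compare(), sep="\n")
```

The stateless rules admit all five packets because each one fits the static port rules, while the connection table rejects the unsolicited packet and the one arriving after the reset.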