Stateful vs Stateless Firewall: What’s the Difference and Why Does it Matter?

When you’re starting out in IT services, there’s a lot of lingo to learn! If you’re currently looking for answers on stateful vs stateless firewalls, we’re here to help. In this article, you’ll learn what stateful firewalls and stateless firewalls refer to, the differences between the two, and the pros and cons of each choice for your IT business.

What is a stateless firewall?

It’s all in the name. A stateless firewall doesn’t remember any previous state of the data packets it has seen; there is no connection tracking at all. It simply filters each packet passing through the firewall in real time according to a static rule list configured on the device. Each data communication is effectively handled in a silo.

Rules match on the source or destination address, or on other fields in the packet header, and the matching rule determines whether the traffic is permitted into the network or denied. This type of firewall is also known as a packet filtering firewall, and an example of it in action is the Extended Access Control Lists on Cisco IOS routers.

What is a stateful firewall?

Now, a stateful firewall. Just as its name suggests, a stateful firewall remembers the state of the data that’s passing through it, and can filter according to deeper information than its stateless counterpart. It monitors all the parts of a traffic stream, including TCP connection stages, status updates, and previous packet activity.

After a connection has been approved, it is added to a kind of database (known as a state table or a connection table) so that the stateful firewall can make intelligent decisions about the packets belonging to that connection in the future. This type of firewall is also called a dynamic packet filtering firewall, and an example is the Microsoft Defender Firewall, often the default choice for PC users.
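To make the difference between the two descriptions above concrete, here is an added illustration (not code from the article or from any firewall product): a toy stateless ACL and a toy stateful connection table judging the same four packets. The hosts, ports and flags are constructed; "inside" is the 10.0.0.0/24 prefix and 203.0.113.x plays the outside.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN"})

INSIDE = "10.0.0."  # constructed internal prefix; 203.0.113.x plays the outside

def stateless_filter(pkt: Packet) -> bool:
    """Stateless (ACL-style): each packet is judged alone on its header fields."""
    # rule 1: permit inside hosts to open outbound HTTPS
    if pkt.src.startswith(INSIDE) and pkt.dport == 443:
        return True
    # rule 2: permit inbound replies; all an ACL can check is a header bit (ACK set)
    if pkt.dst.startswith(INSIDE) and "ACK" in pkt.flags:
        return True
    return False  # implicit deny

class StatefulFilter:
    """Stateful: records approved connections and admits only traffic belonging to them."""
    def __init__(self):
        self.table = set()  # the state (connection) table

    def check(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(INSIDE) and pkt.dport == 443 and pkt.flags == frozenset({"SYN"}):
            self.table.add(key)  # new outbound connection approved and remembered
            return True
        return key in self.table or reverse in self.table  # known connection, either direction

def run(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet, in order."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.check(p)) for p in packets]

# Constructed traffic: an outbound HTTPS handshake, then an unsolicited inbound
# packet with ACK set that no inside host ever asked for.
TRAFFIC = [
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, frozenset({"SYN"})),
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, frozenset({"ACK"})),
    Packet("203.0.113.9", 4444, "10.0.0.5", 22, frozenset({"ACK"})),
]
VERDICTS = run(TRAFFIC)
```

The first three packets pass both filters, but the last one passes only the stateless ACL, because the ACL can see that ACK is set yet has no memory telling it that no inside host ever opened that connection.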

Why do IT businesses choose stateless firewalls?

If you look at the descriptions of both kinds of firewall, you’re probably thinking that a stateful firewall sounds a lot smarter. You’re right that a stateful firewall certainly can do a lot more. It can channel data packets with more insight and context, provide a more robust deterrent to cyberattacks, and retain memory on previous behaviors.

However, it’s not as simple as that. Some people note that stateful firewalls are more prone to cyberattack. For example, they can be subject to Denial of Service attacks because they require a lot of resources to run, and you can also experience more issues with man-in-the-middle attacks, where an attacker sits between two communicating parties and intercepts or alters the communication without either party realizing. You also need to ensure you have a tight patch management schedule for your firewall, as an unpatched gap can introduce vulnerabilities that hackers can take advantage of.

It’s not just about what’s risky about stateful firewalls, either. There are some pros in the stateless firewall column, too! Key benefits of stateless firewalls include very fast performance even under heavy traffic or unexpected spikes in data packets, and usually a cheaper price tag. These are valuable benefits that might make all the difference.

How do I know if I need a stateful or a stateless firewall?

With pros and cons on both sides, it’s hard to know which one is the right choice. It might help to ask yourself these three questions:

  • Does my business need this firewall to inspect traffic?
  • Do I need my firewall to have a memory, and act based on previous packet information?
  • Am I looking for extensive logging and attack prevention from this firewall?

If the answer to these questions is yes, then you’re looking for a stateful firewall. If not, a stateless firewall might well do the trick. In practice, very small businesses are usually fine with a stateless firewall, but the bigger the enterprise the more likely you are to need to invest in something with a few more bells and whistles.

However, there are some exceptions. For example, a large enterprise might have a complex data center with some form of segmentation using VLANs or microsegmentation, in which case you might want to use a stateless firewall internally between two parts of the data center, knowing that your next-gen firewall or your stateful firewall is protecting the perimeter.

Making a final decision for MSP clients on stateful versus stateless firewalls

As cyberattacks continue to rise, and MSPs are called upon to protect multiple client environments, it’s important to understand and describe the different kinds of firewalls that you should deploy to inspect traffic and communications. This is an important conversation to have with your clients, either when you’re onboarding them to your services, or providing a security workshop or a Technology Business Review.

While stateful firewalls are smarter, have deeper functionality, and are able to retain information about previous packets based on network context, they are also more prone to cyberattack and consume more resources. For a faster data rate, simpler operations, and a high level of performance, especially where your client has more trust in the packet data or doesn’t need the firewall to inspect the traffic deeply, a stateless firewall may well be the better choice.

Want more guides like this on common IT terms and how to make the right choices for your business and your client environments? Check out the Atera blog, where we make the magic happen!