A stateful firewall, like FortiGate, tracks TCP sessions by maintaining a state table that includes TCP sequence numbers and flags (e.g., SYN, ACK, FIN) to monitor the connection's lifecycle (establishment, data transfer, termination). This ensures proper session handling, detecting out-of-order packets or invalid states. Source and destination ports identify the session but don’t control its state, and ACK numbers alone are insufficient. Exact extract: "Stateful inspection tracks TCP sessions using sequence numbers and TCP flags (SYN, ACK, FIN, etc.) to ensure packets are valid and part of an established session... FortiGate maintains a state table to monitor the TCP connection states."
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit