Create a Post
Create a Post
Showing results for 
Search instead for 
Did you mean: 
icon Security Basics

Principles of Check Point Architecture

Stateful Inspection

In the History article, we mentioned that Stateful Inspection technology is much more efficient and secure than Static Packet Filtering.  Let’s try to prove this statement and understand its technological basis.


Static Packet Filtering (SPF) is a method to control network access by checking the IP header of a packet and comparing its data with an access list, which contains access restrictions and allowances.  Practically any UNIX, BSD, or Linux machine is capable of performing this function natively.  With SPF, the security decision is made by the kernel’s IP stack in conjunction with an IP forwarding decision.  This function is always performed on a per packet basis.


Static Packet Filtering is incapable of enforcing anything more complex than just a simple verification of Layers 3 and 4 parameters, such as IP addresses and sometimes port numbers.  It also has performance drawbacks, as the security decision has to be made for every forward

TO READ THE FULL POST it's simple and free

Best way to start


A very good article to know about the function  of Checkpoint! however sound can provide more clarity