I've looked up this stateless vs stateful subject many times before and nowhere has it been explained better than in this video! Brilliant job, thank you!

As a Networks instructor, I see that this video is helpful and professional. 20/20

I've been in network security for sometime now, and this is one of the best ways I've seen this explained. Great work!

Stumbling upon your channel feels like discovering a true treasure trove of IT knowledge on KZbin. I can only imagine the immense effort and dedication it takes to create such high-quality content. Thank you so much for sharing your expertise!

- When you make a connection using TCP each side is sending IP packets to each other. TCP is layer 4 protocol which runs on top of IP and adds error correction and ports. - Each connection by a user via client to an application on a server consists of two parts- the request (initiation) and the response which are two parts of the same interaction - client picks a temporary (ephemeral) port as its source which has a value between 1024 and 65536. Then the client initiates a connection to the server using a well known destination port 443 - https. Well known ports are associated with popular applications. This is the request part. The client asking for something from the server. - Next the server responds with some type of data. The server connects to the source IPof the request which is the clien. It connects to the client's port which is an ephemeral port. This is the response part. It is from the server on that well known port 443 to the client on the ephemeral port chosen by the client - It is is this values that uniquely identify a connection - source Ip and source port, and destination IP and destination port. - Each interaction/connection comprises of a request part and response component. The directionality of the transmission depends on the node's perspective. The direction of a request or response isnt always outbound or inbound. There are outgoing requests, outgoing responses, incoming requests and incoming responses. Some servers can have all, like web servers, where the both initiate and accept connections. For every connection start with the request and the response will be the inverse - When the client initiates a request, packets are sent to the server with a source IP and source port of the client and destination IP and destination port of the server. This request is an outbound request from the client perspective and an inbound request from the server perspective - Firewalls require consideration of perspective - directionality when defining rules for connections. The response is always inverse direction to the request - source IP, source port and destination IP and destination port switch. - Stateless firewalls see the request and response as separate activities. Allowing or denying them is done individually so there are two separate rules required one for the request and another for the response. Therefore more management overhead with more rules required per connection - The request component is always going to be to a well know port. The response is always going to be from a server to a client going to a random ephemeral port chosen by the client's OS. And because the firewall is stateless it has no way of knowing which specific port the response is destined for. Therefore in the firewall rules traffic in the full range of ephemeral ports must be allowed which isn't ideal for security engineers. - Stateful firewalls are intelligent enough to identify the response component from it's request component. By comparing the ports and IP of the request and response and if they're the same it can link them to each other. Therefore, for a specific request the stateful firewall automatically knows which data is the response and automatically allows it. Therefore only one rule required for stateful firewalls which is for allowing/denying the request and the response is automatically allowed/denied significantly reducing admin overhead. In addition there's no need to allow traffic for the entire ephemeral port range as the firewall knows the specific ephemeral port for the connection

The last two minutes were pure gold. But to reach it, you have to dig through the first 12 minutes!!

Brilliant video, broken down each and every part very detailed and straight to the point.

The prehistory you made before explaining actual firewalls is brilliant! Thanks for the video!

video starts at 8:20 if you already know the basics of what a firewall is.

Thanks for the amazing work you're putting in !

Very clear explanation and incredibly helpful. One thing that still confuses me is the ‘overhead’ part which you say is lower on stateful firewalls. Since they record the state of a connection whereas a stateless firewall doesn’t; it’s more intuitive for me to say that a stateless firewall therefore needs less memory and has less overhead as a consequence. But I’m probably mistaken one concept for the other.

Thanks

Great video, I'm studying for the Network+ and this was really helpful, thank you.

very well explained😀

Good slides, good explanations, good video. Thanks for making me smarter.

Best explanation ever. Clarity pro max!

What a great explanation! Great job!!

Excellent video and explanation. You have cleared up so many topics for me.

Well articulately explained. Also quickly refreshed some of the Network layer concepts before diving into the topic, this is something I always wanted.

Excellent Explanation, I'm still learning a lot but this is spot on and really breaks it down for me to understand. Thank you.

Literally, brilliant way to teach. Thanks ❤

Great animation and explanation. Thanks!

Oh this explaination is excellent and helps a lot

what a fantastic explanation along with slides. Thank u very much

Great Video understandable.You are doing well at teaching

Very simple explanation. Thank you!

This is video is 10/10 🎉🎉 appreciate the effort ❤ U got a new sub

Great job, very educational!

Fantastic explanation!

Very good explanation

Hey There. Im taking your AWS Solutions Architect - Professional course. It has been a great experience. I am stuck on one demo because I need to increase my vCPU limit to create an EC2. Currently my vCPU limit is 8. How do I increase it and how much should i increase it

Excellent! Would you be able to point me to the "next video" that helps explain AWS State/Stateless that you mentioned?

Great video, subscribed and liked. Just curious wouldn't modern systems only use the ranges of 49152 to 65535 as their ephemeral ports?

The explanation was hell stateful, Thanks Bro

Great video! I am looking to block inbound SMB port 445 across Windows workstations in my environment. If I leave workstations with the ability to make an outbound SMB connection to a printer server and allow the print/file server inbound SMB allow access, will the computers still be able to communicate with the server back and forth (outbound + inbound) even though there is a deny rule on incoming SMB connections? How will the Firewall know which to choose since the rules are almost conflicting, is it going to choose the automatic deny?

I think AWS security group acts like a Stateful firewall? Am I correct?

well explained..thanks a lot!

Thanks again for the great video 😀😀😀

Nice articulated 😊

Amazing explanation. Just amazing

holy hell!! this ws explained very well. subbed!!

Wow, super explained recommended

one of the best. thanks

Brilliant 👍

super helpful. Thanks for this. What do you use to create these diagrams? If you don't mind sharing.

Very well explained video and excellently well illustrated to boot - I would say one thing and thats the use of the ephemeral port numbers which are the same as the IP of the target which threw me for a second as confusing but maybe might mislead others into thinking the port number somehow defaults to the IP of the target which it wouldnt i suspect? Loved the video as my go to explainer for people and myself when i have to jog the grey matter.

It’d be a crime to follow, like and comment. Thank you for a Job well done!

Super presentation

Excellent, thank you

great, thanks

you are the man baruch hashem

great video!

Satisfactory ❤

Thank you

Legend!

good video, but to put it clearer , if the packet go to the router, INBOUND, if they leave OUTBOUND. it is the perspective of the router.

Then why would people opt to use stateless firewalls instead of stateful firewalls?

Nobody does it better...

waiting for layer 6 and 7

❤❤❤

"HAYCH TAYEE CAYEEE PAYEE"

WTF 😳 my brain exploded , couldn’t understand anything. Pls simplify next time.