Phalanx Firewall Features and Capabilities
Stateful Packet Filter
The Phalanx Firewall's first line of defense is the stateful packet filter system. This layer of defense uses rules based on the requirements and policies of the client to examine the source, destination, port/service, MAC, flags, TOS, TTL, length, contents, time, quota, and state of IP traffic to determine the fate of each packet. The filter layer tracks the state of each connection and blocks packets that are not consistent with that state.
The Phalanx Firewall uses a number of application-level proxies to further protect the client on connections that the packet filter allows. When a connection is proxied, the client connects to the proxy instead of the final destination, and the proxy then connects to the final destination. This allows the proxy to examine all aspects of the protocol and data and to handle exceptional events in a protocol-compliant manner on the client's behalf. Proxies included as of version 2.0.0 are HTTP, FTP, and POP3. The HTTP proxy provides protocol analysis, data caching, and complex destination control. The FTP proxy provides protocol analysis, data caching, complex destination control, and virus scanning/blocking. The POP3 proxy provides protocol analysis and virus scanning/blocking. Currently more than 30,000 viruses are known to the proxies.
The Phalanx Firewall's Network Intrusion Detection features can examine all traffic on attached network segments and either terminate connections that match attack signatures or simply log and alert. The response method is set on a per-signature basis. Signatures can examine any aspect of IP traffic, including highly specific and complex content within the data, to determine a match. There are currently more than 3,000 attack signatures in the system.