Skip to content

What is a firewall, and what's the difference between a stateless and a stateful one?

Short answer

A firewall controls traffic between network zones by allowing or denying it based on rules. A stateless firewall evaluates each packet in isolation against rules; a stateful firewall tracks the state of connections so it can allow return traffic for sessions it permitted. Next-gen firewalls add application-layer awareness.

A firewall is the most familiar network control, but interviewers want more than "it blocks bad traffic." The real answer is about how it decides and what state it keeps.

What a firewall does

A firewall sits between network zones — for example between the internet and your internal network, or between a DMZ and internal servers — and enforces a rule set that allows or denies traffic. Rules typically match on source/destination IP, port, and protocol. The strongest posture is default-deny: block everything, then explicitly allow only what's needed.

Stateless versus stateful

A stateless (packet-filtering) firewall evaluates each packet on its own against the rules, with no memory of prior packets. It's fast but crude — to allow a reply you'd have to open a rule for return traffic explicitly, which is error-prone.

A stateful firewall maintains a connection table. When it permits an outbound connection, it remembers that session and automatically allows the matching return traffic, while still blocking unsolicited inbound packets. This is both safer and easier to manage, and it's the norm today.

Next-generation firewalls

A next-gen firewall (NGFW) adds application-layer awareness: it can identify the actual application (not just the port), inspect content, integrate threat intelligence, and often bundle IPS and TLS inspection. This matters because attackers tunnel through allowed ports like 443.

What a firewall is not

A firewall controls connectivity; it isn't antivirus, and a basic one doesn't deeply inspect payloads. It's one layer in defense in depth.

Why this matters

Interviewers gauge whether you understand the mechanism, not just the buzzword. Explaining stateful inspection, default-deny, and where NGFWs add value shows you can reason about network controls rather than recite a definition.

Likely follow-ups

  • What does a default-deny policy mean and why is it preferred?
  • What can a next-generation firewall do that a traditional one cannot?
  • How does a firewall differ from an IPS?

Sources

Certifications

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.