Circuit Gateway/firewall - anyone have an actual example of one?
As I wrap up my final prep for my first try at the exam next Wednesday - I keep coming back across the Circuit (alleged to run at Session Layer) Gateway/firewall. Does anyone have a concrete example of one of these? I've been a Cisco ASA firewall admin almost 20 years now - and on some level the ASA (based on what it can filter on) seems to be one - but I've *never* heard the term outside ISC2 land. I was even certified (a couple times) on Cisco firewalls and NEVER heard the term. Google will yield tons of what appears to be copy and paste of the same basic description - but I never see any actual example of a product or deployment example of a "Circuit gateway" firewall. Odder still (to me), the descriptions often reference TCP/UDP being used for forwarding decisions - which are layer 4 constructs, not layer 5.
Thanks for any input!
Comments
JDMurray Admin Posts: 13,090 Admin
I've always assumed that a "circuit-switched firewall" is a packet filtering device that can both see and make filtering decisions based on OSI Layer 4 information. Back in the 1990s, firewalls only filtered based on OSI Layer 2 and 3 information, so adding in Layer 4 filtering capability as hardware processing speeds improved seemed like a big deal (at least for the marketing people).
In TCP-land, a "circuit" is an established TCP session running in OSI Layer 4. (The term "circuit" may have been used to sell TCP/IP packet-switched networking to Telco people back in the early 1990s.) One Layer 4 circuit connection can be multiplexed into multiple OSI Layer 5 sessions. Each session is an individual and discrete conversation that is transported using the same TCP circuit. This type of traffic is typically only seen by application-layer firewalls and network security monitoring devices.
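An added illustration, not part of the thread and not any vendor's code: a toy model of the Layer 4 "circuit" decision discussed above, where policy is checked once on the opening SYN, the handshake is tracked, and later segments are forwarded only if they belong to an established circuit, with the payload never examined. The policy, addresses, flag strings and the `Segment`/`CircuitGateway` names are constructed for this example.

```python
from dataclasses import dataclass

# Constructed policy: (client prefix, server IP, server port) allowed to open a circuit.
ALLOWED = {("10.0.0.", "192.0.2.10", 443)}

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # "S", "SA", "A", "PA", "F", "R"
    payload: bytes = b""  # carried along, never inspected

class CircuitGateway:
    def __init__(self, allowed):
        self.allowed = allowed
        self.circuits = {}  # endpoint pair -> (phase, initiator endpoint)

    def _permitted(self, seg):
        return any(seg.src.startswith(pfx) and (seg.dst, seg.dport) == (ip, port)
                   for pfx, ip, port in self.allowed)

    def handle(self, seg):
        a, b = (seg.src, seg.sport), (seg.dst, seg.dport)
        key = (a, b) if a <= b else (b, a)  # same key for both directions
        state = self.circuits.get(key)
        if seg.flags == "S":  # new circuit: the only point where policy is consulted
            if state is None and self._permitted(seg):
                self.circuits[key] = ("SYN_SEEN", a)
                return "forward"
            return "drop"
        if state is None:
            return "drop"  # segment belongs to no known circuit
        phase, initiator = state
        if seg.flags in ("F", "R"):  # simplified teardown: first FIN/RST closes the circuit
            del self.circuits[key]
            return "forward"
        if phase == "SYN_SEEN" and seg.flags == "SA" and a != initiator:
            self.circuits[key] = ("SYNACK_SEEN", initiator)
            return "forward"
        if phase == "SYNACK_SEEN" and seg.flags == "A" and a == initiator:
            self.circuits[key] = ("ESTABLISHED", initiator)
            return "forward"
        return "forward" if phase == "ESTABLISHED" else "drop"

def run(segments):
    """Feed a constructed list of segments through a fresh gateway."""
    gw = CircuitGateway(ALLOWED)
    return [gw.handle(s) for s in segments]
```

Every decision here uses only addresses, ports and TCP flags, which is why descriptions of this firewall type end up talking about Layer 4 fields.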