Understanding Stateful vs Stateless Firewalls

Lab Details

  1. This lab walks you through the steps to understand the difference between stateful (security group) and stateless (network ACL) firewalls.

  2. You will practice the lab using VPC and EC2.

  3. Duration: 60 minutes

  4. AWS Region: US East (N. Virginia)

Introduction

What is a Stateful Firewall?

  • Security groups are stateful: return traffic for a connection allowed by an incoming rule is automatically allowed, without a matching outgoing rule.

  • If you allow incoming traffic on port 22, the responses to that traffic are automatically allowed out.

  • A stateful firewall inspects packets in the context of their traffic flow, lets you use more complex rules, and lets you log network traffic and Network Firewall alerts on that traffic.

  • Stateful rules consider traffic direction.

What is a Stateless Firewall?

  • Network ACLs are stateless: allowing traffic with an incoming rule does not automatically allow the matching outgoing traffic.

  • If you allow incoming traffic on port 22, you also need to add a rule for the outgoing traffic.

  • A stateless firewall inspects each packet in isolation, without regard to factors such as the direction of traffic or whether the packet is part of an existing, approved connection. The stateless engine prioritizes speed of evaluation and takes rules with standard 5-tuple connection criteria.
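
The difference described above, as an added example that is not part of the original lab: a small Python model of one SSH exchange passing through a stateless filter and a stateful one. The class names, addresses and ports are constructed; the model assumes TCP only, allow rules only, and rules that match on destination port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the instance
    src: str
    sport: int
    dst: str
    dport: int

def rule_allows(rules, pkt):
    # Each rule is (direction, low_port, high_port) and matches the packet's
    # destination port. Allow rules only, default deny (a simplification).
    return any(d == pkt.direction and lo <= pkt.dport <= hi for d, lo, hi in rules)

class StatelessACL:
    """Network-ACL-style filter: every packet is judged on its own."""
    def __init__(self, rules):
        self.rules = rules

    def allows(self, pkt):
        return rule_allows(self.rules, pkt)

class StatefulGroup:
    """Security-group-style filter: remembers flows it has allowed."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()

    def allows(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.flows:  # reply to a tracked connection
            return True
        if rule_allows(self.rules, pkt):
            self.flows.add(flow)
            return True
        return False

def ssh_session(firewall):
    # Constructed sample: client opens SSH; instance replies to the ephemeral port.
    client, server = "203.0.113.10", "10.0.1.5"
    request = Packet("in", client, 50000, server, 22)
    reply = Packet("out", server, 22, client, 50000)
    return firewall.allows(request), firewall.allows(reply)

if __name__ == "__main__":
    for fw in (StatefulGroup([("in", 22, 22)]), StatelessACL([("in", 22, 22)])):
        print(type(fw).__name__, ssh_session(fw))
```

The reply leaves from port 22 but is addressed to the client's ephemeral port, so in this model the stateless filter only passes it once an outbound rule covering that port range, such as `("out", 1024, 65535)`, is added.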

Architecture Diagram

Case study

In this lab, we will create a custom VPC with a public subnet and launch an EC2 instance in that VPC.

First, we will examine the security group and its inbound and outbound rules.

Next, we will examine the network ACL and its inbound and outbound rules.

Case study Diagram

Task Details

  1. Launching Lab Environment.

  2. Create an Amazon VPC.

  3. Create a Public subnet.

  4. Create and attach an Internet Gateway.

  5. Create a Public Route Table and associate it with the subnet.

  6. Add the public route to the route table.

  7. Create a security group.

  8. Launch an EC2 instance.

  9. Understand the security group rules.

  10. Understand the NACL rules.

  11. Validation of the lab.


