The difference between Session Layer Firewalls and application

In today’s application centric interconnected environments, the next generation of firewalls (application layer firewalls) are required to reduce the attack surface area. […]; in the beginning only routers with access lists were available because that is all that was required. Managing a network using only access control lists and some basic filtering was more than […]

In today’s application centric interconnected environments, the next generation of firewalls (application layer firewalls) are required to reduce the attack surface area.

[…]; in the beginning only routers with access lists were available because that is all that was required. Managing a network using only access control lists and some basic filtering was more than enough protection for deterring unauthorised users. This was the case because routers were at the heart of every network and more specifically these devices were used to route traffic to and from WAN connections like branch offices and the Internet. 

The fact is, very little has changed with regards to routers other than some slight modifications to the way they filter traffic and the organisations that manufacture these devices have focused on increasing security up to the layer that these devices are capable of performing at. What am I saying? A fence built out of logs will always be a fence made of wood, not as good as stone.

Session layer firewalls are also known as Circuit level firewalls or circuit gateways. These session layer firewalls have the following features; they operate at the TCP layer of the OSI model. Typically these firewalls use NAT (Network Address Translation) to protect the internal network and these gateways have little or no connection to the application layer, thus cannot filter more complicated connections. These firewalls are only able to protect traffic on a basic rule base like source destination port.

Full Article