ABSTRACT
The level of protection that any firewall is able to provide in securing a private network when connected to the public Internet is directly related to the architectures chosen for the firewall by the respective vendor. All firewalls rely on the inspection of information generated by protocols that function at various layers of the Open Systems Interconnection (OSI) model. Knowing the OSI layer at which a firewall operates is one of the keys to understanding the different types of firewall architectures. Faster processors and the performance advantages of symmetric multi-processing have narrowed the performance gap between the traditional fast packet filters and high overhead-consuming proxy firewalls. In writing the firewall application to fully support symmetric multi-processing, the firewall vendor is afforded up to a 30 percent increase in dynamic packet filter performance for each additional processor in operation.
