Abstract: A network security device for controlling the flow of packets into and out of an internal network , includes first and second network cards and a stateful inspection firewall. The first network card forwards each packet for inspection to determine whether or not the packet is part of an existing session. If the packet is part of an existing session it will be forwarded to the second network card and on to the internal network. If the packet is not part of an existing session it will be compared with a set of rules to determine whether the packet is acceptable or not acceptable to the network. If the packet is acceptable, it will be forwarded to the second network card and to the internal network and the session is entered into the stateful inspection table, and if the packet is not acceptable it will be dropped and will disappear.

Abstract: A network security device that does not require a separate computer for implementation is disclosed. The device may be in the form of a boxed hardware component and may be configured from an HTML interface. The device contains and uses three network cards. The first two cards are used for the firewall. A third card is a management interface having a private, non publicly routed IP address. A first network card forwards packets to a packet filter. Packets which pass the packet filter are then forwarded to a second network card and subsequently to their destination. None of the three network cards have a publicly routed IP address. The device acts as a packet filter that bridges rather than routes or proxies. The device may be connected between a router and a hub or a server machine.

Abstract: A network security device for controlling the flow of packets into and out of an internal network 60, includes first and second network cards 80 and 120 and a stateful inspection firewall. The first network card 80 forwards each packet for inspection 90 to determine whether or not the packet is part of an existing session. If the packet is part of an existing session it will be forwarded to the second network card 120 and on to the internal network 60. If the packet is not part of an existing session it will be compared with a set of rules to determine whether the packet is acceptable or not acceptable to the network. If the packet is acceptable, it will be forwarded to the second network card 120 and to the internal network and the session is entered into the stateful inspection table, and if the packet is not acceptable it will be dropped and will disappear.