Which firewall analyzes traffic at layers 3 and 4 of the OSI model?

A Stateful Packet Inspection (SPI) Firewall analyzes traffic at layers 3 (Network layer) and 4 (Transport layer) of the OSI model. This type of firewall not only examines the packet headers for both source and destination IP addresses and port numbers but also maintains a state table to track active connections. By doing this, it can determine whether an incoming packet is part of an existing, established connection or if it is a new request. This behavior enhances security because it provides context for the traffic flow, allowing the firewall to make more informed decisions about which packets to allow or deny.

In contrast, an Appliance Firewall typically refers to the physical device running a combination of software and hardware designed to provide firewall services, but it does not specifically define the layers at which it operates. A Web Application Firewall (WAF) focuses on layers 5 to 7 of the OSI model, filtering and monitoring HTTP traffic between a web application and the Internet, thus it is not suitable for layer 3 and 4 analysis. A Host-Based Firewall operates on a single host, protecting it from incoming and outgoing traffic, and while it can use various methods, its scope is broader than just stateful inspection. Therefore, the SPI firewall is the specific choice