Stateful firewall

State table entries are created for TCP streams or UDP datagrams that are allowed to communicate through the firewall in accordance with the configured security policy.

Once in the table, all RELATED packets of a stored session are streamlined, taking fewer CPU cycles than standard inspection.

TCP is a connection-oriented protocol[4] and sessions are established with a three-way handshake using SYN packets and ended by sending a FIN notification.

The firewall can use these unique connection identifiers to know when to remove a session from the state table without waiting for a timeout.

UDP hole punching is a technology that leverages this trait to allow for dynamically setting up data tunnels over the internet.
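The state-table behaviour described above can be sketched as follows. This is an added example, not code from any firewall product: the `StateTable` class, the `policy_allows` rule, the `INSIDE` network and both timeout values are assumptions chosen for illustration.

```python
import ipaddress

UDP_IDLE = 30.0    # assumed idle timeout for UDP entries, seconds
TCP_IDLE = 3600.0  # assumed idle timeout for TCP entries, seconds
INSIDE = ipaddress.ip_network("10.0.0.0/8")  # assumed protected network

def policy_allows(pkt):
    """Assumed security policy: only inside hosts may open sessions."""
    return ipaddress.ip_address(pkt["src"]) in INSIDE

class StateTable:
    def __init__(self):
        # session key -> {"last": time last seen, "fins": endpoints that sent FIN}
        self.entries = {}

    @staticmethod
    def key(pkt):
        # Direction-independent key so replies match the stored session.
        ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
        return (pkt["proto"], ends[0], ends[1])

    def expire(self, now):
        # UDP has no teardown signal, so its entries can only age out.
        for k, e in list(self.entries.items()):
            limit = UDP_IDLE if k[0] == "udp" else TCP_IDLE
            if now - e["last"] > limit:
                del self.entries[k]

    def process(self, pkt, now):
        self.expire(now)
        k, flags = self.key(pkt), pkt.get("flags", "")
        entry = self.entries.get(k)
        if entry is None:
            # Full inspection: a new TCP session must start with a bare SYN
            # and every new session must be permitted by the policy.
            if (pkt["proto"] == "tcp" and flags != "S") or not policy_allows(pkt):
                return "drop"
            self.entries[k] = {"last": now, "fins": set()}
            return "new"
        entry["last"] = now  # fast path: packet belongs to a stored session
        if "R" in flags:
            del self.entries[k]
        elif "F" in flags:
            entry["fins"].add((pkt["src"], pkt["sport"]))
            if len(entry["fins"]) == 2:  # both sides closed: drop state now
                del self.entries[k]      # (real firewalls linger for the last ACK)
        return "established"
```

Packets are plain dicts with `proto`, `src`, `sport`, `dst`, `dport` and, for TCP, a `flags` string such as `"S"`, `"SA"` or `"FA"`.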
