Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

DPI vs SPI

What is the difference between DPI vs SPI.. ? which is better? Why would one choose SPI over DPI , because of speed?

Category: Firewall Security Services
Reply

Best Answer

  • CORRECT ANSWER
    MasterRoshiMasterRoshi Moderator
    Accepted Answer

    @MPERU99 , every packet has two pieces, the header (source/destination, protocols, ports etc..) and the data(piece of the file/image etc..) that it carries. SPI only looks at the header data, so you are only looking to see if the traffic profile is allowed (at the airport, they would check your ticket and passport for example). DPI would also look at the data portion (having you go through security, your baggage through the machine in this analogy) to see what it is carrying is malicious or not. No one would recommend you go with SPI only from a security perspective. DPI also allow for more things like being able to block websites (since we are checking for them), blocking applications (because we are scanning for signatures) and more.. In general, firewalls/security is a higher level concept (a layer of abstraction if you will) so if you are new to the foundational networking concepts it is a bit difficult to grasp (believe me, I was there once upon a time) but your intuition in the last comment was correct. There is another layer here in what we call DPI-SSL or SSL decryption/http scanning which is another layer which involves decryption-> scanning->re-encryption of encrypted data in transit but we can leave that for another day.

Answers

Sign In or Register to comment.