j'ai trouvé ca :
Stateful Packet Inspection In More Detail
The firewall comes with a default security policy which blocks all "inbound" connections (from the Internet to the LAN), and allows all "outbound" connections (from the LAN to the Internet). The desired effect is that LAN users can continue to access Internet resources, while hackers on the Internet cannot access the internal LAN resources. SonicWALL provides this protection in a network appliance. Since user-level applications such as FTP and the Web can create complex patterns of network traffic, it is necessary for the appliance to analyze groups of network connection "states". A central cache within the firewall appliance keeps track of the state information associated with all network connections. All traffic passing through the firewall is analyzed against the state of these connections in order to determine whether or not it will be allowed to pass through or rejected.
oky...ca garde un cahce des "etats" des connections ...