CCNA Security 210-260 Certification Guide

Circuit-level gateway firewall/stateful firewall

This is also known as a transparent proxy firewall. The word stateless indicates that the firewall checks each packet against the matching criteria and, if it matches, forwards the traffic, but the return traffic is inspected once again as a separate packet.

For example, assume web traffic is going from host A to server B. If the firewall allows this traffic, it passes through. However, the return traffic, that is, from server B to host A, is once again verified on the outbound interface of the firewall. If the firewall has a policy that blocks this traffic, the return traffic is dropped. This might not be proper policy enforcement on the firewall.
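The host A to server B case above, modeled in Python as an added example that is not from the book: a stateless filter judges the reply against the rules on its own, while a stateful filter matches it to a tracked connection. The addresses, ports, the single permit rule and all function names are constructed for illustration, and TCP flags and timeouts are not modeled.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data: addresses, ports and the rule are illustrative.
Packet = namedtuple("Packet", "src sport dst dport")
HOST_A, SERVER_B = "10.0.0.10", "203.0.113.20"
# Assumed policy: one permit rule, implicit deny for everything else.
PERMIT = [("10.0.0.0/24", "203.0.113.20/32", 80)]

def rule_match(pkt):
    """Return True if the packet header alone matches a permit rule."""
    for src_net, dst_net, dport in PERMIT:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.dport == dport):
            return True
    return False

def stateless_filter(pkt):
    """Every packet, return traffic included, is judged against the rules."""
    return rule_match(pkt)

class StatefulFilter:
    """Tracks permitted flows so replies are matched to state, not rules."""
    def __init__(self):
        self.connections = set()

    def inspect(self, pkt):
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.connections:      # reply to a tracked flow
            return True
        if rule_match(pkt):                  # new flow permitted by policy
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return False                         # unsolicited or unmatched

def demo():
    request = Packet(HOST_A, 49152, SERVER_B, 80)
    reply = Packet(SERVER_B, 80, HOST_A, 49152)
    unsolicited = Packet(SERVER_B, 80, HOST_A, 50000)
    fw = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (request, reply)],
        "stateful": [fw.inspect(p) for p in (request, reply, unsolicited)],
    }

if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the reply because no rule permits server B to host A, whereas the stateful filter passes it and still drops the packet that belongs to no tracked connection.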

An example of a stateful firewall is Cisco Adaptive Security Appliance (Cisco ASA):