In which mode does a firewall analyze the header information of packets only?

The analysis of packet header information only occurs in packet filtering mode. In this mode, the firewall inspects the header of each packet, which includes information such as source IP address, destination IP address, source and destination ports, and the protocol being used. Based solely on this header information, the firewall makes decisions to allow or block packets.

This mode operates at a fundamental level of security, relying on predefined rules that specify which types of traffic are to be permitted or denied. Because it does not delve deeper than the header information, it lacks the ability to analyze the content of the packets, which distinguishes it from other modes like application inspection or stateful inspection.

In contrast, other modes, such as application inspection mode and stateful inspection mode, involve deeper analysis, including the ability to track the state of connections and inspect the payload of packets for specific application-level protocols. Network address translation mode primarily alters the headers of packets to change their source or destination addresses, so it isn't focused on analyzing header information for decision-making in the same way as packet filtering mode does.