What characteristic distinguishes circuit-level gateway firewalls?

The characteristic that distinguishes circuit-level gateway firewalls is that they verify the source of packets based on predefined rules. Circuit-level gateways operate at a layer above the network layer, providing more advanced features than simple packet filtering.

These firewalls establish a connection and can monitor the ongoing session, ensuring that only packets that are part of an approved session can pass through. By validating the source of the packets and their conformity with predefined rules, circuit-level gateways can provide a more robust security mechanism that takes into account the state of the connection, as opposed to merely analyzing individual packets or performing network address translation. This verification process enhances security by allowing only legitimate traffic that fits the established criteria.

In contrast, simply inspecting individual packets (which is typically the function of packet-filtering firewalls) does not provide the session awareness that circuit-level gateways possess. Likewise, while they may allow machines on a private network to share a public address, this is more reflective of the function of network address translation rather than a defining characteristic of circuit-level gateway firewalls. The combination of packet-filtering features and network address translation pertains more to specific configurations or capabilities rather than distinguishing characteristics of circuit-level gateways.