Daniel, I agree with the rest of your post, however > Since NAPT uses stateful inspection to operate, I think I don't agree with this. I would say that NAPT is a stateful process but not that it uses inspection. By "inspection" I understand a more intelligent process that decapsulates packets and looks for "bad" things inside them, which is a separate function. In other words, there is a difference between 'stateful' and 'stateful inspection'. 'Stateful' is a feature of both NAPT boxes and firewalls; 'stateful inspection' is a feature of more sophisticated firewalls only; if you happen to find a NAPT box that does stateful inspection (the $50 ones don't) it could indeed be called a firewall. Michel.