Yes I am ignorant but when I read discussion of Stem with Mike about lack of full SPI in OA or Stem with Melih about SPI in Comodo or when I read about filtering in CHX-I (I was using it and I know what SPI options it have) then even I am ignorant I do undertsant that this is something that good firewall should have. If CHX-I should be benchmark then OA is loser same way like Windows xp in matousec tests. Maybe will lose even with xp firewall? Or I am completely wrong. Or it does not matter if there is SPI and how good it is? You have to agree that not all popular firewalls have it even Jetico implementation is not perfect. Why I should not look for such answer? Or nobody here knows the answer? EDIT. Well I read it again and I have to admit I do not understand what are you talking about. About with whom I agree with what? And you talking about my ignorance and my ignorant remarks? Where I said that special knowledge to be protected by spi is required? So what if SPI is from 1990 - does OA have it and in full, deep packet inspection, pseudo UDP and ICMP or only TCP syn (all out is allowed in)? Sorry for my english you are expert so you know what I mean.