Which feature of advanced firewalls integrates lower-layer access control with upper layer functionality?

The feature of advanced firewalls that integrates lower-layer access control with upper-layer functionality is application-proxy gateways. This type of firewall operates at both the transport and application layers of the OSI model, allowing it to inspect and filter traffic based on specific application behavior and characteristics.

Application-proxy gateways work by establishing a separate connection between the client and the server. When a user makes a request, the request is sent to the application proxy, which then processes this request at the application layer before forwarding it to the intended server. This means it can evaluate the data being transferred not just at the packet level, but also by understanding the context and protocols being used. This capability allows for more precise access control and threat detection based on the behavior of applications.

In contrast, stateful inspection primarily focuses on monitoring the state and attributes of active connections, while packet filtering inspects individual packets without regard to their state or the context provided by higher-layer protocols. Intrusion detection systems are designed mostly to identify and log suspicious activities rather than to control access. Thus, application-proxy gateways uniquely provide a comprehensive approach that effectively merges the insights of lower-layer access control with the intelligence of upper-layer functionalities.