Proxy Firewall and Gateway Firewall: Introduction

On June 28, 2010, in Firewalls, by Ganesh Dutt Sharma

The terms proxy firewall and gateway firewall are used synonymously. These firewalls help to maintain the transparency between the requester and server. As you know, the packet filter firewall inspects the headers of the packets, so it works at network transport layer. But to do inspection of packets at deeper level for better security, we need the proxy firewalls which works at application layer. Moreover, these firewalls are aware of the application protocol, so they provide better inspection capabilities.

Every packet entering your internal network passes through your firewall. The firewall resides as a gateway between the user and the network, so it’s also referred to as Gateway firewall. The terms proxy firewall, firewall proxy, gateway firewall, firewall gateway, application gateway, application proxy refer to the same thing: Proxy Firewall.

Difference Between Packet Filter and Gateway Firewall

The major difference between the two main types of firewalls is that, the proxy(gateway) firewall understands the application. Being application specific, these can be programmed to allow or disallow the access to a particular service. You can even specify which functions of the application are accessible and which not. The squid proxy server is the example of this type of firewall. If placed at gateway position between internet and internal network, the access to various sites can be blocked based on IP address of the internal workstations. The set of rules which are consulted to allow/disallow the http traffic are called ACLs(Access Control List). Not only this, but bandwidth can also be controlled.

Benefits of Proxy Firewall

The proxy firewall offers several advantages. The list goes as below:

  1. Since the gateway understands the application, so the packet inspection is better.
  2. These act in both directions. From internal client to the server on internet and vice versa. Means this is also configurable, which internet hosts can send the requests to the internal clients.
  3. They act as single point of contact where you can better control access to the services of your network and internet.
  4. Extensive logs can be collected which help the network administrator at several levels.
  5. Based on the content of data, some proxies can help to filter the traffic as per your rules.
  6. The network information about internal workstations and servers is protected from internet.

Disadvantages of Proxy Firewall

The disadvantages are also there which are listed below:

  1. The proxy firewalls needs to understand the applications in detail, so to act as a proxy, you need that many proxy server applications as you want the number of services.
  2. The single point of contact can also act as single point of failure. So, backup servers are also necessary for this.
  3. The clients also need to be modified if you want them to use the proxy severs. The examples are, to use proxy squid server, you need to configure client browsers.
Tagged with:
 

More articles from the category: Firewalls


Proxy Firewall and Gateway Firewall: Introduction

The terms proxy firewall and gateway firewall are used synonymously. These firewalls help to maintain the transparency between the requester and server. As you know, the packet filter firewall inspects the headers of the packets, so it works at network transport layer. But to do inspection of packets at deeper level for better security, we need the proxy firewalls which works at application layer. Moreover, these firewalls are aware of the application protocol, so they provide better inspection capabilities.

Packet Filtering Firewall: An Introduction

The Packet Filtering Firewall is one of the most basic firewalls. The first step in protecting internal users from the external network threats is to implement this type of security. The first ever firewalls used were of packet filtering type only. As the trends of network threats started changing, so did the firewall building strategies. Most of the routers have packet filtering built-in, but the problem with the routers is that, they are difficult to configure and don’t provide extensive logs of the incidents. In my previous firewall tutorials I talked about firewall policies and few other things. That information is also used while designing such firewalls.

Firewall Security Policy

For network security there are some rules which we covered under security policy. The firewall policy is altogether different. We must say that security policy resides at conceptual level and firewall policy resides at technical implementation level and is a subset of security policy. Here I am going to discuss the firewall policy which covers theoretical implementation of network security policy.

Desired Security Policy For Firewall Implementation

For IT security when it comes to implementation of firewall, the planning comes first. The base of planning is the security policy for your organization. The firewall should be capable enough to protect the LAN resources from harms on internet. In a recent article on introduction to firewalls, I discussed about firewall basics. Now I’m going to discuss about the desired security policy for the firewall implementation for your network.

Firewall: Some Basic Ideas

Firewall is an important and extensive tool for IT security. Writing about firewalls in depth is one of my targets for this blog on IT security. So, to set the ball rolling I’ll start with the basics of firewalls . For today I’ll start the disucssion with firewall basics.