What is the difference between a proxy server firewall and a gateway server firewall? And when should each be used?
There are three basic categories of firewalls: packet filtering firewalls, stateful inspection firewalls and application proxy firewalls. Often, people refer to packet filtering firewalls and stateful inspection firewalls using the term gateway server firewall. Each of these three approaches builds upon the previous one(s), offering greater protection to an enterprise network. Here's how they work:
- Packet filtering firewalls are the most basic firewall technology available. Each network packet reaching the firewall is evaluated based upon its source, destination IP address and port to determine whether it is allowed to pass through the firewall. The firewall does not have any information about active connections, so it makes this decision each time it receives a packet. Packet filter firewalls are not common and users of this technology are typically writing rules that run on their routers.
- Stateful inspection firewalls are the most commonly deployed firewalls in enterprises today. They build upon packet filters by having the firewall maintain information about the state of each active connection. When a new packet arrives at the firewall, the filtering mechanism first checks to determine whether the packet is part of a currently active (and previously authorized) connection. Only if it doesn't appear on the list of active connections does the firewall evaluate the packet against its rulebase. There's a reason stateful inspection firewalls are so common: They're the most efficient and cost-effective firewalls, and are generally suitable for protecting most network borders.
- Application proxy firewalls go a step beyond stateful inspection firewalls in that they don't actually allow any packets to directly pass between protected systems. Instead, the firewall creates a proxy connection on the destination network and then passes traffic through that proxied connection. Proxy firewalls often contain advanced application inspection capabilities, allowing them to detect sophisticated application-layer attacks, such as buffer overflow attempts and SQL injection attacks. They're much more expensive than stateful inspection firewalls, however, and are normally only used to protect data centers and other networks containing publicly accessible, high-value servers.
The choice of an appropriate firewall mix for your organization will depend upon budget, the types of systems on the network and the enterprise's risk tolerance. For more on this topic, read my tip How to choose a firewall.
Dig deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple, Enterprise Compliance
Social media compliance is not typically considered a big issue for companies, but expert Mike Chapple explains why it should be.continue reading
Metadata tagging is not just for security. Expert Mike Chapple explains how tagging tools can be used to achieve PCI DSS compliance.continue reading
Before using the HIPAA-compliant cloud services from Google, there are some things companies need to know, according to expert Mike Chapple.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.