What is the difference between a proxy server firewall and a gateway server firewall? And when should each be
There are three basic categories of firewalls: packet filtering firewalls, stateful inspection firewalls and application proxy firewalls. Often, people refer to packet filtering firewalls and stateful inspection firewalls using the term gateway server firewall. Each of these three approaches builds upon the previous one(s), offering greater protection to an enterprise network. Here's how they work:
- Packet filtering firewalls are the most basic firewall technology available. Each network packet reaching the firewall is evaluated based upon its source, destination IP address and port to determine whether it is allowed to pass through the firewall. The firewall does not have any information about active connections, so it makes this decision each time it receives a packet. Packet filter firewalls are not common and users of this technology are typically writing rules that run on their routers.
- Stateful inspection firewalls are the most commonly deployed firewalls in enterprises today. They build upon packet filters by having the firewall maintain information about the state of each active connection. When a new packet arrives at the firewall, the filtering mechanism first checks to determine whether the packet is part of a currently active (and previously authorized) connection. Only if it doesn't appear on the list of active connections does the firewall evaluate the packet against its rulebase. There's a reason stateful inspection firewalls are so common: They're the most efficient and cost-effective firewalls, and are generally suitable for protecting most network borders.
- Application proxy firewalls go a step beyond stateful inspection firewalls in that they don't actually allow any packets to directly pass between protected systems. Instead, the firewall creates a proxy connection on the destination network and then passes traffic through that proxied connection. Proxy firewalls often contain advanced application inspection capabilities, allowing them to detect sophisticated application-layer attacks, such as buffer overflow attempts and SQL injection attacks. They're much more expensive than stateful inspection firewalls, however, and are normally only used to protect data centers and other networks containing publicly accessible, high-value servers.
The choice of an appropriate firewall mix for your organization will depend upon budget, the types of systems on the network and the enterprise's risk tolerance. For more on this topic, read my tip How to choose a firewall.
Dig deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple, Enterprise Compliance
Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.continue reading
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.continue reading
Learn how hiring the right PCI DSS-compliant service providers, especially payment services providers, can reduce your compliance burden.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.