What is the difference between circuit-level gateways and application-level gateways relative to network firew...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Good question. First, let's clarify some terminology. Security professionals use a number of different terms that all mean the same thing. Circuit-level gateways are often referred to as stateful inspection firewalls. Application-level gateways are often referred to as proxy firewalls or application proxy firewalls.
There are three general classes of firewalls: packet filtering firewalls, stateful inspection firewalls and proxy firewalls. All three analyze inbound packets against a rule base and decide to block or allow the packet based upon those rules. Packet filtering firewalls don't do anything else. They analyze each packet in isolation and don't have any context (or "state") information to compare the current packet with previous packets.
Stateful inspection firewalls go a bit further. They monitor the connection setup and teardown process to keep tabs on connections at the TCP/IP level. This allows them to keep track of state information and determine which systems have open, authorized connections at any given point in time. They only reference the rule base when a new connection is requested. Packets belonging to existing connections are compared to the firewall's state table of open connections, saving time and providing added security.
Proxy firewalls are the most advanced. Like stateful inspection firewalls, they're connection-aware. But unlike the other two, they intercept all connections and perform an in-depth application layer analysis. Each time an external client requests a connection with an internal server (or vice versa), the client opens a connection with the firewall. If the connection meets the criteria in the firewall rule base, the proxy firewall will open a connection to the requested server. This places the firewall in the middle of the logical connection and allows it to watch the traffic for any signs of malicious activity at the application level.
For more on firewalls, read the Firewall Architecture Guide.
Related Q&A from Mike Chapple
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.continue reading
An SEC report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at ...continue reading
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.