What is the difference between circuit-level gateways and application-level gateways relative to network firew...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Good question. First, let's clarify some terminology. Security professionals use a number of different terms that all mean the same thing. Circuit-level gateways are often referred to as stateful inspection firewalls. Application-level gateways are often referred to as proxy firewalls or application proxy firewalls.
There are three general classes of firewalls: packet filtering firewalls, stateful inspection firewalls and proxy firewalls. All three analyze inbound packets against a rule base and decide to block or allow the packet based upon those rules. Packet filtering firewalls don't do anything else. They analyze each packet in isolation and don't have any context (or "state") information to compare the current packet with previous packets.
Stateful inspection firewalls go a bit further. They monitor the connection setup and teardown process to keep tabs on connections at the TCP/IP level. This allows them to keep track of state information and determine which systems have open, authorized connections at any given point in time. They only reference the rule base when a new connection is requested. Packets belonging to existing connections are compared to the firewall's state table of open connections, saving time and providing added security.
Proxy firewalls are the most advanced. Like stateful inspection firewalls, they're connection-aware. But unlike the other two, they intercept all connections and perform an in-depth application layer analysis. Each time an external client requests a connection with an internal server (or vice versa), the client opens a connection with the firewall. If the connection meets the criteria in the firewall rule base, the proxy firewall will open a connection to the requested server. This places the firewall in the middle of the logical connection and allows it to watch the traffic for any signs of malicious activity at the application level.
For more on firewalls, read the Firewall Architecture Guide.
Dig Deeper on Application firewall security
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ...continue reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ...continue reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.