Can you explain the difference between a proxy server and proxy firewall? How do they work together?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
That's an important distinction and it requires a little insight into the history of these devices. Proxy firewalls, or application gateway firewalls, are a fairly recent addition to mainstream security environments. Until a few years ago, the stateful inspection firewall was the most advanced firewall protection. While stateful firewalls can monitor open connections, they cannot inspect application layer traffic. Therefore, if you were to allow HTTP traffic through your firewall, a stateful inspection firewall would not prevent an HTTP-based attack. Proxy firewalls, on the other hand, combine stateful inspection technology with the ability to perform deep application inspections. They also analyze layer 7 protocols, such as HTTP and FTP and monitor traffic for additional signs of attack. To make this work, the firewall must act as a proxy; that is, the client opens a connection with the firewall (usually unbeknownst to the client) and the firewall opens a separate connection to the server on the client's behalf.
Proxy servers, however, don't provide the benefits of a firewall. Like proxy firewalls, they act as a middleman for connections, but they don't provide stateful inspection or other firewall technology. They're generally used to provide content filtering and performance enhancements (such as caching) for local user's Web traffic. Since most proxy firewalls can provide all of the benefits of a proxy server, administrators typically use dedicated proxy servers where they wish to remove the performance load from the firewall.
Dig Deeper on Application Firewall Security
Related Q&A from Mike Chapple
The OWASP Top Ten list is not a compliance standard but a set of best practices for enterprises looking to boost Web app security. Here's how to get ...continue reading
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best ...continue reading
Tokenization technology can be confusing. Expert Mike Chapple explains what the difference is between two types of tokens and how tokenization can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.