How do you overcome the disadvantages of proxy-based firewalls?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Proxy-based firewalls provide the most advanced firewall security technology currently available on the market. I use them myself and strongly recommend their use for protecting sensitive information, especially in public-facing Web applications.
Proxy firewalls function by acting as a true intermediary between the client and the server. Traditional stateful inspection firewalls simply analyze traffic to determine whether it should be allowed before passing it directly to the protected server. Proxy firewalls, on the other hand, actually establish connections with both the client and the server, allowing them to inject themselves into the connection stream. This provides them with the ability to perform deep application-layer inspection of traffic to identify application-level attacks, such as SQL injection exploits.
The main disadvantage to proxy-based firewalls is their cost. They are significantly more expensive than standard stateful inspection firewalls both in terms of actual financial cost and processing time used. The best way to compensate for this is to use the proxy features sparingly. If an application will not significantly benefit from proxy filtering, disable application filtering for that particular rule. This will help to squeeze maximum performance out of the firewall.
Dig Deeper on Network Firewalls, Routers and Switches
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.