What are the disadvantages of proxy-based firewalls?

Network security expert Mike Chapple explains why he strongly recommends the use of proxy-based firewalls.

Mike Chapple, University of Notre Dame

How do you overcome the disadvantages of proxy-based firewalls?

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate Email Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Proxy-based firewalls provide the most advanced firewall security technology currently available on the market. I use them myself and strongly recommend their use for protecting sensitive information, especially in public-facing Web applications.

Proxy firewalls function by acting as a true intermediary between the client and the server. Traditional stateful inspection firewalls simply analyze traffic to determine whether it should be allowed before passing it directly to the protected server. Proxy firewalls, on the other hand, actually establish connections with both the client and the server, allowing them to inject themselves into the connection stream. This provides them with the ability to perform deep application-layer inspection of traffic to identify application-level attacks, such as SQL injection exploits.

The main disadvantage to proxy-based firewalls is their cost. They are significantly more expensive than standard stateful inspection firewalls both in terms of actual financial cost and processing time used. The best way to compensate for this is to use the proxy features sparingly. If an application will not significantly benefit from proxy filtering, disable application filtering for that particular rule. This will help to squeeze maximum performance out of the firewall.

This was last published in June 2009

unified threat management (UTM)

The 5 different types of firewalls explained

firewall

Web application firewall (WAF)

Unify on-premises and cloud access control with SDP

Get to know cloud-based identity governance capabilities

6 AIOps security use cases to safeguard the cloud

Wi-Fi 6 rollout requires careful review of network devices

How cloud-native networking will transform infrastructure

The role of network observability in distributed systems

Managing cybersecurity during the pandemic and in the new digital age

Enterprise architecture has business's ear at Scottish Water

4 IT contract negotiation strategies to drive value in 2021

Incorporating zero trust into endpoint security

Keeping tabs on employees in the hybrid workplace

Top 6 endpoint security software options in 2021

Choose the right serverless container service

IBM boosts vertical cloud push with financial services cloud

Open source cloud platforms and tools to consider

Sutton Council trials in-home sensor tech

Post Office’s full and final settlement with Horizon scandal victims in plain English

CityFibre switches on Milton Keynes to gigabit and names Edinburgh infrastructure lead