Firewalls – Dedicated Proxy Servers

Dedicated proxy servers differ from application-proxy and circuit-level gateways in that while they retain proxy control of traffic, they do not have firewalling capabilities. Although dedicated proxy servers are not firewalls, they are described in this section because of their close relationship to application-proxy gateway firewalls and circuit-level gateway firewalls. Many proxies are application-specific, and some actually perform analysis and validation of common application protocols such as HTTP.

Because these servers do not have firewalling capabilities, they are typically deployed behind traditional firewall platforms. A main firewall could accept inbound traffic, determine which application is being targeted, and hand off traffic to the appropriate proxy server (e.g., email proxy). This server would perform filtering or logging operations on the traffic, then forward it to internal systems. A proxy server could also accept outbound traffic directly from internal systems, filter or log the traffic, and pass it to the firewall for outbound delivery.

An example of this is an HTTP proxy deployed behind the firewall—users would need to connect to this proxy en route to connecting to external Web servers. Dedicated proxy servers are generally used to decrease firewall workload and conduct specialized filtering and logging that might be difficult to perform on the firewall itself.

In recent years, the use of inbound proxy servers has decreased dramatically. This is because an inbound proxy server must mimic capabilities of the real server it is protecting, which becomes nearly impossible when protecting a server with many features. Using a proxy server with fewer capabilities than the server it is protecting renders the non-matched capabilities unusable. Additionally, the essential features that inbound proxy servers should have (logging, access control, and so on) are usually built into the real servers. Most proxy servers now in use are outbound proxy servers, with the most common being HTTP proxies.

The figure shows a sample diagram of a network employing dedicated proxy servers for HTTP and email that have been placed behind another firewall system. Here, the email proxy could be the organization’s mail gateway for inbound and outbound email—not really a proxy at all, but a full-fledged mail server. All messages and communications must go through the proxy before they can be forwarded to other internal mail servers.

Breaking the direct line of communication between the Internet and the internal mail servers makes it much more difficult to attack those mail servers; only the mail gateway can be attacked directly. The HTTP proxy would handle outbound connections to external Web servers and possibly filter for active content. Many organizations enable caching of frequently used Web pages on the proxy to reduce network traffic and improve response times.
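The filtering and logging an outbound HTTP proxy performs can be sketched as a policy check on each request and response. The following is an added example, not code from the original article; the rule sets, user names and function names are constructed for illustration, and rejecting responses without a usable Content-Type is an assumed policy choice.

```python
from dataclasses import dataclass

# Constructed policy (assumption): refused methods, MIME types treated as
# active content, and additional per-user content blocks.
BLOCKED_METHODS = {"DELETE"}
ACTIVE_CONTENT = {"application/java-archive", "application/x-java-applet",
                  "application/x-msdownload"}
USER_BLOCKED = {"guest": {"application/zip", "video/mp4"}}

@dataclass
class Decision:
    allow: bool
    reason: str

def media_type(header):
    """Return lower-cased type/subtype without parameters, or '' if malformed."""
    mt = (header or "").split(";", 1)[0].strip().lower()
    return mt if mt.count("/") == 1 else ""

def check_request(user, method):
    """Request phase: block application-specific commands such as HTTP DELETE."""
    if method.upper() in BLOCKED_METHODS:
        return Decision(False, f"method {method.upper()} blocked")
    return Decision(True, "ok")

def check_response(user, content_type):
    """Response phase: filter by MIME type, globally and per user."""
    mt = media_type(content_type)
    if not mt:
        # Fail closed: an unlabelled body cannot be matched against the policy.
        return Decision(False, "missing or malformed Content-Type")
    if mt in ACTIVE_CONTENT:
        return Decision(False, f"active content {mt}")
    if mt in USER_BLOCKED.get(user, set()):
        return Decision(False, f"{mt} blocked for user {user}")
    return Decision(True, "ok")

def log_record(user, method, url, decision):
    """One log line per decision; repr() keeps control characters out of the log."""
    verdict = "ALLOW" if decision.allow else "DENY"
    return (f"{verdict} user={user} method={method.upper()} "
            f"url={url!r} reason={decision.reason!r}")

if __name__ == "__main__":
    d = check_request("alice", "delete")
    print(log_record("alice", "delete", "http://example.com/a", d))
    d = check_response("guest", "application/zip")
    print(log_record("guest", "GET", "http://example.com/f.zip", d))
```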

Application Proxy Configuration


12 Responses to “Firewalls – Dedicated Proxy Servers”

  1. Rian says:

    The Internet Security Suite is turned off, but Limewire will not connect and detects a firewall?

  2. admin says:

    You don’t need to turn off your protection; just set a rule in the suite to allow it.
    In your case, if the Internet Security Suite is turned off, I think you should check and also turn off Windows Defender.

  3. Deby says:

    Can a system have one internet security and anti-virus of corresponding different companies?

  4. admin says:

    I don’t recommend using two of the same type of security software at the same time on a computer, because it can cause conflicts between applications.

    So, for example, don’t use Kaspersky Internet Security Suite with Norton Antivirus.
    Instead you can use, for example, ZoneAlarm Firewall with Avira antivirus and Adaware, because they do not offer the same type of security. But remember that even in this case conflicts can exist, for example Avast free antivirus and ZoneAlarm Pro.

  5. Alex says:

    Why was MPLS developed?

  6. admin says:

    MPLS was originally intended for controlled IP traffic engineering, but it has been found useful in virtual private networking (VPN) as well.

  7. Alex says:

    What is PPVPN?

  8. admin says:

    PPVPN (provider-provisioned VPN) is an MPLS VPN traffic engineering approach for virtual services.

  9. Alex says:

    What does VoMPLS mean?

  10. admin says:

    Voice over MPLS.

  11. Paul says:

    What are the Dedicated Proxy Servers’ roles?

  12. admin says:

    They should scan at least:

    1. Java applet or application filtering
    2. ActiveX control filtering
    3. JavaScript filtering
    4. Blocking specific Multipurpose Internet Multimedia Extensions (MIME) types
    5. Virus scanning and removal
    6. Macro virus scanning, filtering, and removal
    7. Application-specific commands, for example, blocking the HTTP delete command
    9. User-specific controls, including blocking certain content types for certain users

  13. Ken says:

    interesting post

  14. P. Silva says:

    a very good article about Firewalls – Dedicated Proxy Servers

Copyright © 2008 Home Automation - JAEC - All the rights reserved