What Is a Proxy Firewall?
Discover how a proxy firewall can help ensure threat protection and web security.
Request A Firewall Demo Speak with an Expert
Proxy Firewall Meaning
A proxy firewall, also known as an application firewall or a gateway firewall, limits the applications that a network can support, which increases security levels but can affect functionality and speed. A proxy firewall is the most secure form of firewall, which filters messages at the application layer to protect network resources.
Traditional firewalls are not designed to decrypt traffic or inspect application protocol traffic. They typically use an intrusion prevention system (IPS) or antivirus solution to protect against threats, which only covers a small fraction of the threat landscape that organizations now face.
A proxy server addresses this gap by providing a gateway or intermediary between computers and servers on the internet to secure data that goes in and out of a network. It determines which traffic should be allowed and denied and analyzes incoming traffic to detect signs of a potential cyberattack or malware. A proxy server firewall caches, filters, logs, and controls requests from devices to keep networks secure and prevent access to unauthorized parties and cyberattacks.
How Do Proxy Firewalls Work?
A proxy firewall is considered the most secure form of firewall because it prevents networks from directly contacting other systems. It has its own Internet Protocol (IP) address, which means an external network connection cannot receive packets directly from the network.
A proxy firewall works by providing a single point that enables organizations to assess the threat level of application protocols and implement attack detection, error detection, and validity checks. It uses tactics like deep packet inspection (DPI) and proxy-based architecture to analyze application traffic and discover advanced threats.
A proxy network will likely have one computer directly connected to the internet. Other computers in the network access the internet by using the main computer as a gateway, which enables the proxy to cache documents requested by multiple users. A user attempting to access an external site through a proxy firewall would do so through this process:
- The user requests access to the internet through a protocol such as File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
- The user’s computer attempts to create a session between them and the server, sending a synchronize (SYN) message packet from their IP address to the server’s IP address.
- The proxy firewall intercepts the request, and if its policy allows, replies with a synchronize-acknowledge (SYN-ACK) message packet from the requested server’s IP
- When the SYN-ACK packet is received by the user’s computer, it sends a final ACK packet to the server’s IP address. This ensures a connection to the proxy but not a valid Transmission Control Protocol (TCP) connection.
- The proxy completes the connection to the external server by sending a SYN packet from its IP address. When it receives the server’s SYN-ACK packet, it responds with an ACK packet. This ensures a valid TCP connection between the proxy and the user’s computer and between the proxy and the external server.
- Requests made through the client-to-proxy connection then the proxy-to-server connection will be analyzed to ensure they are correct and comply with the corporate policy until either side terminates the connection.
This process ensures a highly secure network that provides deep inspection of the contents of every packet that flows in and out of a network.
Examples of a Proxy Firewall's Work
Proxy servers are often implemented through bastion hosts, which are systems likely to come under direct cyberattack. Proxy firewalls monitor network traffic for core internet protocols, such as Layer 7 protocols, and must be run against every type of application it supports. These include Domain Name System (DNS), FTP, HTTP, Internet Control Message Protocol (ICMP), and Simple Mail Transfer Protocol (SMTP).
A proxy firewall is essentially a go-between for every connection on a network. Every computer on the network establishes a connection through the proxy, which creates a new network connection. For example, if a user wants to visit an external website, then packets are processed through an HTTP server before they are forwarded to the requested website. Packets from the website are then processed through the server before being forwarded to the user.
Proxy firewalls centralize application activity into one single server. This enables organizations to inspect packets for more than simply source and destination addresses and port numbers. As a result, most firewalls now have some form of proxy server architecture.
Proxy firewalls will often be deployed within a set of trusted programs that support a specific application protocol. This ensures complete analysis of the protocol’s security risk and offers enhanced security control than is possible through a standard firewall.
Proxy Firewalls: Advantages and Disadvantages
Advantages
The main goal of a proxy firewall is to provide a single point of access. This enables organizations to assess the level of threat posed by application protocols, effectively detect threats, and check the validity of network traffic. A proxy firewall also enables refined setup control, which allows organizations to fine-tune it to their network needs and corporate policies.
A proxy firewall also prevents direct connections between a user’s computer and the external sites they want to visit, which offers substantial security benefits. It offers one of the most secure network connections possible because it provides deep inspection of every data packet in and out of a network. This ensures organizations can prevent the most sophisticated and high-risk malware attacks.
Disadvantages
Despite the extra security a proxy firewall offers, there are drawbacks to the approach. One of the main disadvantages is that a proxy firewall creates a new connection for each outgoing and incoming packet. This can result in the firewall creating a bottleneck in traffic flow, significantly slowing down the process and negatively affecting network performance, and creating a single point of failure. Some proxy firewalls might only support particular network protocols, which limits the applications that the network can support and secure.
How Fortinet Can Help
FortiGate Next Generation Firewalls (NGFW) seamlessly integrates advanced networking and robust security providing industry-leading threat protection and decryption with a custom ASIC architecture for superior performance and energy efficiency at scale. Powered by FortiOS ensuring consistent security across networks, streamlining operations, and convergence of networking and security across WLAN, LAN, SASE, and NGFW eliminating the need for multiple products with integrated SD-WAN and Universal ZTNA into FortiGates. Customers are safeguarded against the latest threats with AI-enhanced protection from FortiGuard Security Services and FortiManager for centralized and unified policy management of Hybrid Mesh Firewalls. FortiGates are the foundation of the Fortinet Security Fabric ensuring consistent security, converging networking and security to rapidly respond to threats, and ensuring a secure, responsive network environment. This comprehensive platform approach, covering everything across diverse networks, endpoints, and clouds, provides a tailored, efficient cybersecurity solution.
