What Is a Proxy Firewall?
A proxy firewall is the most secure form of firewall, which filters messages at the application layer to protect network resources. A proxy firewall, also known as an application firewall or a gateway firewall, limits the applications that a network can support, which increases security levels but can affect functionality and speed.
Traditional firewalls are not designed to decrypt traffic or inspect application protocol traffic. They typically use an intrusion prevention system (IPS) or antivirus solution to protect against threats, which only covers a small fraction of the threat landscape that organizations now face.
A proxy server addresses this gap by providing a gateway or intermediary between computers and servers on the internet to secure data that goes in and out of a network. It determines which traffic should be allowed and denied and analyzes incoming traffic to detect signs of a potential cyberattack or malware. A proxy server firewall caches, filters, logs, and controls requests from devices to keep networks secure and prevent access to unauthorized parties and cyberattacks.
How Do Proxy Firewalls Work?
A proxy firewall is considered the most secure form of firewall because it prevents networks from directly contacting other systems. It has its own Internet Protocol (IP) address, which means an external network connection cannot receive packets directly from the network.
A proxy firewall works by providing a single point that enables organizations to assess the threat level of application protocols and implement attack detection, error detection, and validity checks. It uses tactics like deep packet inspection (DPI) and proxy-based architecture to analyze application traffic and discover advanced threats.
A proxy network will likely have one computer directly connected to the internet. Other computers in the network access the internet by using the main computer as a gateway, which enables the proxy to cache documents requested by multiple users. A user attempting to access an external site through a proxy firewall would do so through this process:
- The user requests access to the internet through a protocol such as File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
- The user’s computer attempts to create a session between them and the server, sending a synchronize (SYN) message packet from their IP address to the server’s IP address.
- The proxy firewall intercepts the request, and if its policy allows, replies with a synchronize-acknowledge (SYN-ACK) message packet from the requested server’s IP
- When the SYN-ACK packet is received by the user’s computer, it sends a final ACK packet to the server’s IP address. This ensures a connection to the proxy but not a valid Transmission Control Protocol (TCP) connection.
- The proxy completes the connection to the external server by sending a SYN packet from its IP address. When it receives the server’s SYN-ACK packet, it responds with an ACK packet. This ensures a valid TCP connection between the proxy and the user’s computer and between the proxy and the external server.
- Requests made through the client-to-proxy connection then the proxy-to-server connection will be analyzed to ensure they are correct and comply with the corporate policy until either side terminates the connection.
This process ensures a highly secure network that provides deep inspection of the contents of every packet that flows in and out of a network.
Examples of a Proxy Firewall's Work
Proxy servers are often implemented through bastion hosts, which are systems likely to come under direct cyberattack. Proxy firewalls monitor network traffic for core internet protocols, such as Layer 7 protocols, and must be run against every type of application it supports. These include Domain Name System (DNS), FTP, HTTP, Internet Control Message Protocol (ICMP), and Simple Mail Transfer Protocol (SMTP).
A proxy firewall is essentially a go-between for every connection on a network. Every computer on the network establishes a connection through the proxy, which creates a new network connection. For example, if a user wants to visit an external website, then packets are processed through an HTTP server before they are forwarded to the requested website. Packets from the website are then processed through the server before being forwarded to the user.
Proxy firewalls centralize application activity into one single server. This enables organizations to inspect packets for more than simply source and destination addresses and port numbers. As a result, most firewalls now have some form of proxy server architecture.
Proxy firewalls will often be deployed within a set of trusted programs that support a specific application protocol. This ensures complete analysis of the protocol’s security risk and offers enhanced security control than is possible through a standard firewall.
Advantages and Disadvantages of Proxy Firewalls
Proxy firewalls offer advanced network security levels, but at the same time, can impact network speed and performance.
The main goal of a proxy firewall is to provide a single point of access. This enables organizations to assess the level of threat posed by application protocols, effectively detect threats, and check the validity of network traffic. A proxy firewall also enables refined setup control, which allows organizations to fine-tune it to their network needs and corporate policies.
A proxy firewall also prevents direct connections between a user’s computer and the external sites they want to visit, which offers substantial security benefits. It offers one of the most secure network connections possible because it provides deep inspection of every data packet in and out of a network. This ensures organizations can prevent the most sophisticated and high-risk malware attacks.
Despite the extra security a proxy firewall offers, there are drawbacks to the approach. One of the main disadvantages is that a proxy firewall creates a new connection for each outgoing and incoming packet. This can result in the firewall creating a bottleneck in traffic flow, significantly slowing down the process and negatively affecting network performance, and creating a single point of failure. Some proxy firewalls might only support particular network protocols, which limits the applications that the network can support and secure.
How Fortinet Can Help
Fortinet protects organizations’ networks with its secure web gateway (SWG) solution FortiProxy, a high-performance proxy that consists of physical and virtual appliances. The solution is designed to ensure compliance, threat protection, visibility, and web security for organizations of all sizes.
FortiProxy is a secure, unified web proxy product that protects organizations from web-based attacks through advanced threat defense, malware protection, and Uniform Resource Locator (URL) filtering. This defends users against internet-based threats and enforces corporate policy compliance.
FortiProxy incorporates multiple threat detection techniques deployed as a bundle that offers crucial network protection tools and functionalities. This includes advanced threat protection (ATP), antivirus, data loss prevention (DLP), DNS filtering, FortiSandbox Cloud, intrusion prevention, secure sockets layer (SSL) inspection, and web filtering. It is effective in reducing organizations’ bandwidth demands and optimizing their network with content and video caching. The solution also includes advanced caching and wide-area network (WAN) optimization, as well as a content analysis add-on service that helps organizations detect toxic or offensive visual content.
Crucially, the services and licenses included in the Fortinet bundle are all-inclusive and cannot be purchased individually. This offers a major cost advantage compared to being charged for each individual service separately and purchasing expensive individual renewals.