Application Proxy Firewall

An application proxy is the most secure firewall technology on the market today. An application proxy firewall operates as a middleman to all of the connections that attempt to pass through it. As the technology’s name suggests, this type of firewall proxies an application’s connection. When a client attempts to make a connection through the firewall, the firewall terminates the client’s connection at itself. The firewall then opens and initiates a separate connection to the destination host on behalf of the client. Because the data passes between the client-proxy connection and the proxy-server connection, the application proxy firewall can inspect all of it.

This type of separation, plus the capability to inspect all the data, is why the application proxy firewall is the most secure. The firewall must have a protocol decoder built in for each of the supported protocols. If it lacks a decoder for a protocol, it can still support that protocol with a generic proxy. A generic proxy, however, does not provide the same level of inspection as a custom protocol decoder. The generic proxy can still proxy a connection but is unable to understand the application inside the connection.
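The following Python program is an added illustration of the two points above and is not code from the page or from any of the vendors it names. It models the mechanism: the client's connection terminates at the proxy, the proxy opens a second connection to the destination on the client's behalf, and nothing crosses between the two until a decoder has accepted the request. It contrasts a protocol decoder that understands HTTP request heads with a generic proxy that can only relay bytes. The sample request, origin response, allowed-method list and the socketpair-based stand-in for the destination server are all constructed for the demonstration.

```python
import socket
import threading

# Constructed sample traffic for the demonstration (not taken from the page).
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
ORIGIN_RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
REJECT_RESPONSE = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # assumed policy for this example


def decode_http_request(data):
    """Protocol decoder: parse and validate an HTTP/1.x request head.

    Returns (accepted, reason, parsed_fields). Only a decoder that understands
    the protocol can enforce rules such as 'unexpected methods are not
    permitted' or 'a Host header is required'.
    """
    head, sep, _ = data.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete request head", None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return False, "malformed request line", None
    method, target, version = (p.decode("ascii", "replace") for p in parts)
    if method not in ALLOWED_METHODS:
        return False, "method %s not permitted" % method, None
    if not version.startswith("HTTP/1."):
        return False, "unsupported version %s" % version, None
    if not target.startswith("/") or ".." in target:
        return False, "suspicious request target", None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            return False, "malformed header line", None
        key = name.strip().lower().decode("ascii", "replace")
        headers[key] = value.strip().decode("ascii", "replace")
    if "host" not in headers:
        return False, "missing Host header", None
    return True, "ok", {"method": method, "target": target, "host": headers["host"]}


def generic_decoder(data):
    """Generic proxy stand-in: it can relay bytes and cap their size, but has
    no understanding of the application inside the connection."""
    if not data:
        return False, "empty request", None
    return True, "relayed without inspection", None


def recv_until(sock, marker=None, limit=65536):
    """Read until `marker` appears (if given) or the peer closes, capped at `limit`."""
    buf = b""
    while len(buf) < limit and (marker is None or marker not in buf):
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def proxy_session(client, connect_upstream, decoder):
    """Handle one proxied session.

    `client` is the proxy's end of the connection the client opened; that
    connection ends here. `connect_upstream()` returns a new connection that
    the proxy itself opens to the destination on the client's behalf.
    """
    request = recv_until(client, b"\r\n\r\n", limit=8192)
    accepted, reason, _ = decoder(request)
    if not accepted:
        client.sendall(REJECT_RESPONSE)  # the destination never sees the request
        client.close()
        return "rejected", reason
    upstream = connect_upstream()  # second, separate TCP session
    upstream.sendall(request)
    upstream.shutdown(socket.SHUT_WR)
    response = recv_until(upstream)  # the reply could be inspected here as well
    upstream.close()
    client.sendall(response)
    client.close()
    return "forwarded", reason


def fake_origin():
    """Constructed stand-in for the destination web server. A socketpair plays
    the role of the TCP connection the proxy would normally connect() to."""
    proxy_side, server_side = socket.socketpair()

    def serve():
        recv_until(server_side)  # read the whole request, then answer
        server_side.sendall(ORIGIN_RESPONSE)
        server_side.close()

    threading.Thread(target=serve, daemon=True).start()
    return proxy_side


def run_session(request, decoder=decode_http_request):
    """Drive one client request through proxy_session; returns (outcome, reply)."""
    client_end, proxy_end = socket.socketpair()
    outcome = {}

    def run():
        outcome["result"] = proxy_session(proxy_end, fake_origin, decoder)

    worker = threading.Thread(target=run)
    worker.start()
    client_end.sendall(request)
    reply = recv_until(client_end)
    client_end.close()
    worker.join()
    return outcome["result"], reply
```

Running `run_session(SAMPLE_REQUEST)` forwards the request and returns the origin's reply; the same call with a `TRACE` request is rejected by the HTTP decoder before any upstream connection is opened, while `run_session(..., generic_decoder)` relays the identical request untouched, which is the inspection gap the text describes for a generic proxy.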

The application proxy must open a connection for each session passing through the firewall, which takes a great amount of work on the firewall’s part. The slower performance that results from managing so many connections has led to the general disuse of this technology as the main firewall for an organization.

However, many companies still use application proxy firewalls in limited-use scenarios and for environments in which performance isn’t a factor.
Application proxy firewalls are most commonly used for providing Web-based services. This use includes an authenticated proxy for monitoring outbound Web access and application accelerator products. Application accelerator products sit in front of the Web servers and proxy connections while also providing SSL acceleration and content compression.

The two most notable vendors providing application proxy firewalls today are Microsoft and Secure Computing. Microsoft uses proxy technology in its Internet Security and Acceleration Server (ISA) product. The ISA server, although not used as a main firewall device, is still highly popular in Microsoft-focused organizations. Secure Computing’s Sidewinder G2 firewall is also a widely deployed product. Secure Computing purchased the Gauntlet firewall in 2002. Gauntlet was the most popular application proxy firewall during the peak usage of the application proxy technology.

You can read more about ISA server at www.microsoft.com/isaserver/.

You can find more information about Secure Computing and the G2 firewall at www.securecomputing.com.