June 8th, 2006, 10:04 AM
proxy firewall and this scenario from Forouzan Book
I have got this scenario from Forouzan Book "Data Communications and Networking" 3ed
He says on page 851:
"When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server (I said it is the HTTP proxy) opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server (I said it is the HTTP Server) in the corporation. If it is not, the message is dropped and an error message is sent to the external user. Figure 31.11 shows a proxy firewall implementation".
If the proxy firewall can investigate (check) the application layer by itself, why do I need to send the packet to the HTTP proxy?
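The flow in the quoted passage (receive as a server, inspect at the application level, then either act as a client toward the real server or reject with an error), sketched as an added example that is not from the book or from any poster in this thread. The policy values, the host name `www.corp.example` and the `forward` callback are assumptions made for illustration.

```python
# Added example: decision logic of an application-level (proxy) firewall.
# ALLOWED_* values and the forward() callback are illustrative assumptions.
from dataclasses import dataclass

ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed policy
ALLOWED_HOST = "www.corp.example"           # assumed name of the real server

@dataclass
class Request:
    method: str
    target: str
    version: str
    headers: dict

def parse_request(raw: bytes) -> Request:
    """Parse the request head; raise ValueError on anything malformed."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("bad request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Strict by choice: no colon, padded name, or repeated header is rejected.
        if not sep or not name or name != name.strip() or name.lower() in headers:
            raise ValueError("bad or repeated header")
        headers[name.lower()] = value.strip()
    return Request(*parts, headers)

def is_legitimate(req: Request) -> bool:
    """Layer 7 checks that a packet filter on layers 3/4 cannot make."""
    return (req.method in ALLOWED_METHODS
            and req.version in ("HTTP/1.0", "HTTP/1.1")
            and req.headers.get("host") == ALLOWED_HOST
            and req.target.startswith("/")
            and ".." not in req.target.split("/"))

def handle(raw: bytes, forward) -> bytes:
    """Server side of the proxy: inspect, then act as client or reject."""
    try:
        req = parse_request(raw)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    if not is_legitimate(req):
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"
    return forward(raw)  # the proxy now acts as the client to the real server
```

The external client never opens a connection to the real server: only requests that pass `is_legitimate` reach `forward`, and everything else is answered by the proxy itself.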
June 8th, 2006, 11:02 AM
Sometimes a filtering proxy is called an application firewall.. Very confusing terms..
I prefer to call something that filters on layer3/4 a firewall and something that filters on layer 7 a proxy but those definitions tend to blur these days...
No, the proxy firewall runs a http proxy that takes care of the checking..
If the proxy firewall can investigate (check) the application layer by itself
Experience is something you don't get until just after you need it.
June 9th, 2006, 07:14 PM
Really it will be easier to distinguish if they used these terminologies.
I prefer to call something that filters on layer3/4 a firewall and something that filters on layer 7 a proxy
Let me clarify with you that I understood you correctly.
the proxy firewall runs a http proxy that takes care of the checking..
As you can see in the link that I have posted, there are 3 devices:
1- Proxy firewall device
2- Proxy HTTP box
3- HTTP Server box
What did you mean by the "Proxy firewall" device runs a http proxy? Because I can see that they are two separate devices... Am I right?
If the "Proxy firewall" device runs a http proxy, why do I need to have a proxy http server in this scenario?
Did you mean to say that the "Proxy firewall" device here is for filtering layer 3 and layer 4 and not for filtering layer 7?