Re: Proxy vs. Firewall
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Tue, 10 Feb 2009 12:50:04 -0600
"Richard Valabik" <richardv@xxxxxxxxxxx> wrote in message
news:%23exw2KsiJHA.3656@xxxxxxxxxxxxxxxxxxxxxxx
> Forgive me if this is a dumb question, but with newer firewalls capable of
> features like content filtering (for example) why would companies even
> need a proxy server any more? How many companies actually use proxy
> servers these days? It seems most people use proxies to bypass firewalls
> more than anything else.
You have an incomplete view of what a proxy is. What you are thinking of is
a Web Caching CERN Compliant Web proxy.
There are also Winsock based Proxies
There are Socks based Proxies
....and probably a few other obscure types not worth mentioning.

Both the technology of "proxying" and the technology of "nat'ing" are just
simply two types of technology that you can *base* a Firewall on.
Therefore, except for the single-Nic CERN Compliant Web Caching
Proxy,...proxies *ARE* firewalls. In the case of Microsoft's ISA Server (and
MS's TMG) it does both proxying and nat'ing and is (IMO) the most in-depth
and fully featured Firewall on the market today.

The difference between NAT'ing and Proxying:

NAT'ing is based on adding additional functionality on top of normal Layer3
Routing,...so the original packets actually pass through the device after
being modified by the NAT Editor.

Proxying receives the packet and the connection session *ends* (it's over,
it's dead). This is because the Proxy itself is the true destination of the
client,...rather than the destination you would think. The contents of the
packets are maintained and an entirely new session is created between the
Proxy and the final Destination. Then completely new packets are created and
the saved Data is inserted into them,..and then the proxy communicates with
the final Destination "on behalf" of the original source (hence the term
"proxy"). The whole thing is "rinse & repeat" on the return trip back.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Technet Library
ISA2004
http://technet.microsoft.com/en-us/library/cc302436(TechNet.10).aspx
ISA2006
http://technet.microsoft.com/en-us/library/bb898433(TechNet.10).aspx
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.mspx
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
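
The two-session behaviour described in the reply above, as an added example that is not part of the original post: a minimal TCP proxy on loopback where the client's session ends at the proxy and the final destination only ever sees a second connection opened by the proxy. The function names, the uppercasing "origin" server and the payload are constructed for illustration; on loopback all addresses are 127.0.0.1, so the sessions are told apart by port.

```python
import socket
import threading

def _listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    s.listen(1)
    return s

def _origin(listener, seen):
    # Constructed "final destination": records its TCP peer, replies uppercased.
    conn, peer = listener.accept()
    with conn:
        seen["origin_peer"] = peer
        conn.sendall(conn.recv(1024).upper())

def _proxy(listener, origin_addr, seen):
    # Session 1 ends here: the proxy is the client's real TCP destination.
    client, peer = listener.accept()
    with client:
        seen["proxy_peer"] = peer
        payload = client.recv(1024)   # only the data is carried over
        # Session 2: a new connection that the proxy itself originates.
        with socket.create_connection(origin_addr) as upstream:
            seen["upstream_local"] = upstream.getsockname()
            upstream.sendall(payload)
            reply = upstream.recv(1024)
        client.sendall(reply)         # same copy step on the return trip

def demo(payload=b"hello"):
    seen = {}
    origin_l, proxy_l = _listen(), _listen()
    origin_addr, proxy_addr = origin_l.getsockname(), proxy_l.getsockname()
    workers = [threading.Thread(target=_origin, args=(origin_l, seen)),
               threading.Thread(target=_proxy, args=(proxy_l, origin_addr, seen))]
    for w in workers:
        w.start()
    with socket.create_connection(proxy_addr) as c:
        seen["client_local"] = c.getsockname()
        c.sendall(payload)
        seen["reply"] = c.recv(1024)
    for w in workers:
        w.join()
    origin_l.close()
    proxy_l.close()
    # Each session as (source endpoint, destination endpoint).
    seen["session1"] = (seen["client_local"], proxy_addr)
    seen["session2"] = (seen["upstream_local"], origin_addr)
    return seen

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The origin's recorded peer is the proxy's upstream socket, not the client's, which is why origin-side logs and access controls see the proxy rather than the original source.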