I was wondering which firewalls are proxy-firewalls, especially the free, cheap and easy ones (I know, an almost impossible combination). Proxy firewalls vs. 'deep inspection', 'stateful inspection': See: http://www.ranum.com/security/computer_security/editorials/deepinspect/index.html
Proxy firewalls could be seen as a grey area, certainly with the various explanations and the way terminology appears to be changed so easily. I can look from various points/views. Lets say, look at KISS or NOD (SS), these contain AV, so all connections to internet go through internal filtering of known sigs, so those, from that point can be classed as "Proxy". But, if you look at Outpost pro, you will find an "Attack plugin", now all packets are sent through that (when installed/active), so from my personal view, I can see that as a proxy. As for:- My thinking: Proxy firewall will have other attached support, such as AV and/or packet filtering addon Deep inspection, similar to above, but such does examine the contents of packet rather than just header info stateful inspection, well, this as been discussed before. If we look, say at TCP filtering (which I would still class as TCP SPI), then there are various implementations of such. - Stem
Hello, I would define a proxy firewall as one that gets packets from computers on one network, masquerades them and sends them to another network. Not much different from NAT, except that such a firewall would not allow reverse DNS queries to any address on the firewalled network, for instance. Mrk