What Is a Proxy Firewall and How Does It Work? | Fortinet (2024)

A proxy firewall, also known as an application firewall or a gateway firewall, limits the applications that a network can support, which increases security levels but can affect functionality and speed. A proxy firewall is the most secure form of firewall, which filters messages at the application layer to protect network resources.

Traditional firewalls are not designed to decrypt traffic or inspect application protocol traffic. They typically use anintrusion prevention system (IPS)orantivirus solutionto protect against threats, which only covers a small fraction of the threat landscape that organizations now face.

Aproxy serveraddresses this gap by providing a gateway or intermediary between computers and servers on the internet to secure data that goes in and out of a network. It determines which traffic should be allowed and denied and analyzes incoming traffic to detect signs of a potential cyberattack ormalware. A proxy server firewall caches, filters, logs, and controls requests from devices to keep networks secure and prevent access to unauthorized parties and cyberattacks.

A proxy firewall is considered the most secure form of firewall because it prevents networks from directly contacting other systems. It has its ownInternet Protocol (IP) address, which means an external network connection cannot receive packets directly from the network.

A proxy firewall works by providing a single point that enables organizations to assess the threat level of application protocols and implement attack detection, error detection, and validity checks. It uses tactics likedeep packet inspection (DPI)and proxy-based architecture to analyze application traffic and discover advanced threats.

A proxy network will likely have one computer directly connected to the internet. Other computers in the network access the internet by using the main computer as a gateway, which enables the proxy to cache documents requested by multiple users. A user attempting to access an external site through a proxy firewall would do so through this process:

1. The user requests access to the internet through a protocol such as File Transfer Protocol (FTP) or Hypertext Transfer Protocol (HTTP).
2. The user’s computer attempts to create a session between them and the server, sending a synchronize (SYN) message packet from their IP address to the server’s IP address.
3. The proxy firewall intercepts the request, and if its policy allows, replies with a synchronize-acknowledge (SYN-ACK) message packet from the requested server’s IP
4. When the SYN-ACK packet is received by the user’s computer, it sends a final ACK packet to the server’s IP address. This ensures a connection to the proxy but not a validTransmission Control Protocol (TCP) connection.
5. The proxy completes the connection to the external server by sending a SYN packet from its IP address. When it receives the server’s SYN-ACK packet, it responds with an ACK packet. This ensures a valid TCP connection between the proxy and the user’s computer and between the proxy and the external server.
6. Requests made through the client-to-proxy connection then the proxy-to-server connection will be analyzed to ensure they are correct and comply with the corporate policy until either side terminates the connection.

This process ensures a highly secure network that provides deep inspection of the contents of every packet that flows in and out of a network.

Proxy servers are often implemented through bastion hosts, which are systems likely to come under direct cyberattack. Proxy firewalls monitornetwork trafficfor core internet protocols, such as Layer 7 protocols, and must be run against every type of application it supports. These include Domain Name System (DNS), FTP, HTTP,Internet Control Message Protocol (ICMP), and Simple Mail Transfer Protocol (SMTP).

A proxy firewall is essentially a go-between for every connection on a network. Every computer on the network establishes a connection through the proxy, which creates a new network connection. For example, if a user wants to visit an external website, then packets are processed through an HTTP server before they are forwarded to the requested website. Packets from the website are then processed through the server before being forwarded to the user.

Proxy firewalls centralize application activity into one single server. This enables organizations to inspect packets for more than simply source and destination addresses and port numbers. As a result, most firewalls now have some form of proxy server architecture.

Proxy firewalls will often be deployed within a set of trusted programs that support a specific application protocol. This ensures complete analysis of the protocol’s security risk and offers enhanced security control than is possible through a standard firewall.

FortiGate Next Generation Firewalls (NGFW) seamlessly integrates advanced networking and robust security providing industry-leading threat protection and decryption with a custom ASIC architecture for superior performance and energy efficiency at scale. Powered by FortiOS ensuring consistent security across networks, streamlining operations, and convergence of networking and security across WLAN, LAN, SASE, and NGFW eliminating the need for multiple products with integrated SD-WAN and Universal ZTNA into FortiGates. Customers are safeguarded against the latest threats with AI-enhanced protection from FortiGuard Security Services and FortiManager for centralized and unified policy management of Hybrid Mesh Firewalls. FortiGates are the foundation of the Fortinet Security Fabric ensuring consistent security, converging networking and security to rapidly respond to threats, and ensuring a secure, responsive network environment. This comprehensive platform approach, covering everything across diverse networks, endpoints, and clouds, provides a tailored, efficient cybersecurity solution.