1 of 1 people found this helpful
the proxy modes (transparent bridge, explicit proxy, etc.) only define how the traffic is routed to MWG. The same features are available. In transparent mode MWG will intercept the specified ports (80 and 443 for example), all other applications are simply forwarded and not filtered. For non-HTTP applications you will need a proxy/firewall that is capable of filtering those protocols.
On MWG you can only setup one bridge interface per appliance. It comes with 4 NICs, so you can have 2 for the bridge and one for management tasks and/or cluster communication. In case you have two network segments you need two boxes or place the box at a place where both network segments come together, maybe in front of/behind the firewall before reaching out to the internet.
Most questions in regards to sizing, the best setup for you and prices should go to sales. Please contact a local sales representative, they will provide you with all information that is required.
is it secured to put appliance infront of firewall behind internet router ? is the appliance has firewall features like defense against DDos and access only from defined ip's ?
Basically it would be preferred if there is another firewall layer protecting MWG from unauthorized Internet Accesses. It is similar to every other service you run, usually you won´t run it unprotected. MWG has a rudimentary firewall feature called network protection. You can restrict inbound traffic and device to drop/accept it. However there is no dedicated feature set for detecting attacks against the proxy or to allow MWG to defend itself.