2 Replies Latest reply on Mar 16, 2015 11:14 AM by mike18

    Meaning of Proxy in firewall

    mike18

      Hi Everyone,

       

      I came across term proxy in Mcafee Product guide quite often.

      IF anyone can explain me what does proxy mean here?

       

      Regards

      Mike

        • 1. Re: Meaning of Proxy in firewall
          PhilM

          Mike,

           

          I suggest you have a look at the document sliedl submitted concerning the workings of MFE v8 as it may help to answer many questions for someone who is new to this product.

           

          MFE and its predecessor, Sidewinder, have always primarily operated as proxy-based Firewall. If I were to try and describe this, unlike typical packet filter based Firewall products, the Firewall not only acts as the decision maker (should a connection pass or not), but is also plays an active role in [i]how[/i] the connection passes through the Firewall and will provide basic compliance (packet sizes, etc...) without needed additional IPS functionality. It does this by deconstructing the packet on the source interface and then re-building it again on the destination interface. If the packet doesn't conform to the basic parameters (malformed) it will be rejected. Taking it to the next level there are then a collection of application-specific proxies (look at the list of different application defense types). These services add application layer-specific intelligence. For the HTTP service, for example, it understands what a valid HTTP conversation 'looks like' in addition to the fact that the protocol uses TCP port 80. If you create a rule using the HTTP service and then try to pass telnet traffic on port 80 the Firewall will refuse the request. There are then protocol-level controls provided by the application defense for that protocol. So, for FTP, you can create a rule to allow the service and then apply a custom FTP application defense that stops the FTP client from executing specific statements (allow GET, but deny PUT).

           

          Most of these proxies are transparent to the user, so you must not confuse the use of the word 'proxy' with web proxies where you need to enter proxy settings into the web browser. However, with certain proxy types they can be either transparent, non-transparent (where the user or client application must connect to the Firewall first) or both.

           

          Have a look at Sam's (sliedl) document to see how these functions operate in the current version as it is somewhat different to v7 and earlier.

           

          -Phil.

          • 2. Re: Meaning of Proxy in firewall
            mike18

            Many thanks Phil i will have look.