Limitations of Application Proxy Firewalls

Chia sẻ: Tuan Bui Nghia | Ngày: | Loại File: PDF | Số trang:1

0
39
lượt xem
4
download

Limitations of Application Proxy Firewalls

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Because of how effective application proxies can be at filtering traffic, one might wonder why everyone does not use an application proxy firewall.

Chủ đề:
Lưu

Nội dung Text: Limitations of Application Proxy Firewalls

  1. Limitations of Application Proxy Firewalls Because of how effective application proxies can be at filtering traffic, one might wonder why everyone does not use an application proxy firewall. There are a few good reasons for this. First, application proxies are only effective at proxying requests for applications that the proxy has defined. Unfortunately, most proxies can handle only a relatively small number of applications. This limitation means that the other applications are not permitted, or that you have to use a generic service proxy (which may not provide the required functionality), or that the proxy handles the additional traffic as a packet-filtering firewall (making the firewall a hybrid application proxy firewall). Second, application proxies tend to have worse performance than packet-filtering firewalls. This stands to reason because application proxies process packets to the application layer (in contrast to packet-filtering firewalls, which tend to process packets to the network or transport layer). This requires applications proxies to spend more time processing the packet, which results in increased latency in the delivery of data. Therefore, application proxies can generally handle fewer packets per second and a smaller maximum throughput than packet-filtering firewalls. Finally, application proxies tend to be more expensive than corresponding packet- filtering firewalls. This is because application proxies tend to have higher hardware requirements (generally needing faster processors and more memory) as well as higher development costs, because the application intelligence enabling the proxy to function requires more development and maintenance than a packet-filtering firewall. Consequently, application proxies tend to be used as more specialty firewalls, whereas packet-filtering firewalls tend to be a more general-purpose firewall.  
Đồng bộ tài khoản