Packet Filtering versus Application Proxy
Packet Filtering |
Application Proxy |
Certain services (e.g., SMTP, HTTP, or
NTP) are usually safe to control via packet filters |
others (e.g., DNS, FTP) may require the
more complex features available only in proxies |
Fast |
Slower |
harder to configure because they are configured at
a lower level |
may be easier to configure but, application oriented |
In cases where greater access control is required and the poorer performance
of proxies cannot be tolerated, stateful inspection packet filters
(Packet Filtering with limited Application Proxy capabilities) may be
an acceptable compromise
|