Packet Filtering versus Application Proxy

Packet Filtering Application Proxy
Certain services (e.g., SMTP, HTTP, or NTP) are usually safe to control via packet filters others (e.g., DNS, FTP) may require the more complex features available only in proxies
Fast Slower
harder to configure because they are configured at a lower level may be easier to configure but, application oriented

In cases where greater access control is required and the poorer performance of proxies cannot be tolerated, stateful inspection packet filters (Packet Filtering with limited Application Proxy capabilities) may be an acceptable compromise

© Lynne Grewe
on a special purpose router
  • special purpose routers
  • SAME (but on special purpose proxy machines...not routers)  

    More expensive machines...possiblye

    As a result of making more complex filtering and access control decisions, application proxies can require significant computing resources

    In cases where greater access control is required and the poorer performance of proxies cannot be tolerated, stateful inspection packet filters (Packet Filtering with limited Application Proxy capabilities) may be an acceptable compromise

    © Lynne Grewe