Firewalls enforce network access via a positive control model, where only specific traffic defined in policies is granted access to the network while all other traffic is denied. Access Control Lists (ACLs) initially performed this function, often in routers, but their rudimentary approach gave way to dedicated packet filtering and stateful inspection firewall devices that offered deeper levels of access control. Unfortunately, these traditional firewalls shared a common shortcoming: an inability to see all of the applications traversing the network across all ports and protocols. Proxy-based devices began providing more granular visibility into a small set of applications and protocols where traditional firewalls were blind.
This white paper provides an overview of:
- The problems with proxies and standalone URL filtering;
- The power of next-generation network security platforms;
- Primary methods of performing proxy forwarding.