Network Firewalls

Circuit-level Gateways

Question: What is the primary purpose of Circuit Level Gateways?
A circuit-level gateway is a firewall that relays TCP connections rather than forwarding individual packets. It sits between an internal client and an external server, terminates the client's TCP connection on the inside, opens a second TCP connection to the destination on the outside, and copies bytes between the two for the lifetime of the session, so no direct connection ever exists between the internal host and the internet. Circuit-level gateways operate at the transport layer (Layer 4) of the OSI model and work with connection-oriented protocols such as TCP; SOCKS is the common example. When a client requests a session, the gateway validates the connection setup (the TCP handshake) and decides, from the source and destination addresses, the port numbers and the session state, whether to create the circuit at all.
Once the circuit is established, the gateway only relays traffic: it does not inspect the application-layer payload, so it cannot detect attacks carried inside a connection it has already permitted (that requires an application-level gateway). What it does provide is that unauthorised sessions are refused before any data flows, that external hosts only ever see the gateway's own address, and that the internal address space stays hidden. Because it does not examine payloads it costs less per connection than an application-level gateway, but it still adds latency and per-session state compared with a plain packet filter, since every circuit has to be set up, tracked and torn down.
There is also a fourth type of firewall. A dynamic (stateful) packet filter combines packet filtering with the session tracking of a circuit-level gateway, and it often adds application-layer awareness as well.
1) The transmission process begins when the internal system opens a connection and sends a series of packets destined for a host on the internet.

2) These packets go to the circuit-level gateway, which checks the requested connection against its predetermined set of rules. If the connection does not violate any rule, the circuit-level gateway opens its own connection to the destination and sends the same data on behalf of the internal system.

3) The packets that appear on the internet carry the source IP address of the circuit-level gateway's external interface, not that of the internal system. Any replies are therefore addressed to the gateway, which relays them back to the internal system over the original circuit.
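As an added example (not part of the original page), the following Python script implements a minimal circuit-level gateway on the loopback interface and walks through the three steps above: an "internal" client asks the gateway for a circuit, the gateway checks the destination against an allowlist, then opens its own TCP connection to the "external" server and relays bytes in both directions without looking at them. The one-line request `CONNECT host port` is a constructed stand-in for SOCKS, and the allowlist, the echo server and the `demo()` driver are assumptions of the example. Because everything runs on 127.0.0.1 the IP addresses coincide, so the example instead shows that the external server sees the gateway's outbound port rather than the client's.

```python
import select
import socket
import threading

# Assumed policy format: a set of (host, port) destinations the gateway will relay to.
# Connection requests use a constructed one-line protocol "CONNECT <host> <port>\n";
# real circuit-level gateways use SOCKS, but the relay logic is the same.


def parse_connect(line):
    """Parse 'CONNECT host port' into (host, port), or None if malformed."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].isdigit():
        return None
    port = int(parts[2])
    return (parts[1], port) if 0 < port < 65536 else None


def read_line(sock, limit=256):
    """Read one newline-terminated line byte by byte, so nothing past it is buffered."""
    buf = bytearray()
    while len(buf) < limit:
        ch = sock.recv(1)
        if not ch or ch == b"\n":
            break
        buf += ch
    return buf.decode(errors="replace").strip()


def relay(a, b):
    """Copy bytes in both directions until either side closes. The payload is never
    inspected: this is exactly what a circuit-level gateway does (and does not) do."""
    while True:
        readable, _, _ = select.select([a, b], [], [])
        for s in readable:
            data = s.recv(4096)
            if not data:
                return
            (b if s is a else a).sendall(data)


def handle_client(client, allowed):
    """Gateway side: check the requested destination against the rule set, then open a
    second TCP connection on the client's behalf and splice the two circuits together."""
    with client:
        target = parse_connect(read_line(client))
        if target is None or target not in allowed:
            client.sendall(b"DENIED\n")          # refused before any data flows
            return
        try:
            upstream = socket.create_connection(target)
        except OSError:
            client.sendall(b"FAILED\n")
            return
        with upstream:
            client.sendall(b"OK\n")
            relay(client, upstream)


def echo_handler(conn):
    """Stand-in 'internet' server: reports which peer address it observed."""
    with conn:
        ip, port = conn.getpeername()
        conn.sendall(f"seen-from {ip}:{port} ".encode() + conn.recv(4096))


def listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))   # ephemeral loopback port
    s.listen(8)
    return s


def serve(sock, handler):
    def loop():
        while True:
            try:
                conn, _ = sock.accept()
            except OSError:
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def connect_via_gateway(gw_addr, host, port, payload):
    """Internal system: ask the gateway for a circuit, then talk through it."""
    with socket.create_connection(gw_addr) as s:
        s.sendall(f"CONNECT {host} {port}\n".encode())
        status = read_line(s)
        reply = b""
        if status == "OK":
            s.sendall(payload)
            while chunk := s.recv(4096):   # read until the gateway closes the circuit
                reply += chunk
        return status, reply, s.getsockname()[1]


def demo():
    ext = listen(); ext_addr = ext.getsockname()      # the "internet" host
    serve(ext, echo_handler)
    gw = listen(); gw_addr = gw.getsockname()         # the circuit-level gateway
    allowed = {ext_addr}                               # policy: only the echo server
    serve(gw, lambda c: handle_client(c, allowed))
    status, reply, client_port = connect_via_gateway(gw_addr, *ext_addr, b"hello")
    _, seen, payload = reply.split(b" ", 2)
    denied, _, _ = connect_via_gateway(gw_addr, "127.0.0.1", 9, b"x")
    ext.close(); gw.close()
    return {"allowed_status": status, "echoed_payload": payload,
            "seen_port": int(seen.split(b":")[1]), "client_port": client_port,
            "denied_status": denied}


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the status of an allowed session, the payload echoed back through the circuit, the source port the external server observed (the gateway's outbound connection, not the client's), and the DENIED status of a request to a destination outside the allowlist. Note that `relay()` never parses the bytes it forwards: anything hostile inside a permitted session passes straight through, which is the limitation discussed above.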