Network Firewalls

Lesson 4: Proxy servers and circuit-level gateways
Objective: Describe proxy servers and configure circuit-level gateways.

Proxy Servers and Circuit-level Gateways

Proxy servers allow you to conceal as much information as possible about the inner configuration while still enabling efficient communication. Proxies such as circuit and application gateways create a complete break between your inside systems and external systems. This break allows your firewall system to examine everything before passing it into or out of your internal network.

Circuit-level Gateways

A circuit-level gateway acts as an IP address translator between the Internet and your internal systems. It transfers inbound and outbound network packets, shielding the IP addresses of the internal network from the Internet at the network level.

Proxy Server Transmission Process

Let's walk through the proxy server transmission process step by step.
  1. The transmission process begins when the internal system sends out a series of packets destined for the internet.
  2. These packets then go to the circuit-level gateway, which checks them against its predetermined set of rules. If the packets do not violate any rules, the circuit-level gateway sends out the same packets on behalf of the internal system.
  3. The packets that appear on the Internet originate from the IP address of the circuit-level gateway's external interface, which is also the address to which any replies are sent.

Circuit Level Gateways

Network address translation

The primary advantage of circuit-level gateways is Network Address Translation (NAT). NAT translates internal IP addresses to addresses registered with the Internet Assigned Numbers Authority (IANA).
NAT allows security and network administrators great flexibility when developing an address scheme internally.


Question: What is the principal characteristic of the IP addresses issued by the Internet Assigned Numbers Authority (IANA)?
Answer: The primary characteristic of the IP addresses issued by the Internet Assigned Numbers Authority (IANA) is that they are globally unique and used to identify devices on the Internet. IANA is responsible for allocating IP addresses to regional Internet registries (RIRs), which in turn allocate IP addresses to organizations and Internet service providers (ISPs). The IP addresses issued by IANA are divided into five classes, including
  1. Class A,
  2. Class B,
  3. Class C,
  4. Class D, and
  5. Class E.
Classes A, B, and C are used for standard IP addresses, while Classes D and E are used for special purposes, such as multicast and experimental networks.
Each IP address issued by IANA consists of two parts: the network identifier and the host identifier. The network identifier identifies the network to which the device belongs, while the host identifier identifies the specific device within that network. IANA also assigns blocks of IP addresses to various organizations and groups, including ISPs, government agencies, and private companies. This helps to ensure that there are enough IP addresses to meet the needs of the growing number of devices and users on the Internet.
Overall, the primary characteristic of the IP addresses issued by IANA is that they are globally unique and essential for identifying devices on the Internet.
Network addresses from IANA recommended for internal IP addressing:
  10.0.0.0 to 10.255.255.255
  172.16.0.0 to 172.31.255.255
  192.168.0.0 to 192.168.255.255

If one of the listed network addresses is chosen, it is not necessary to register the addresses with any Internet authority. All routers on the Internet are configured to discard any packet whose source or destination address falls within one of these private network ranges. A machine configured with a private address therefore cannot be reached from the Internet, because no route to it exists.
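The three-step transmission process above and the private address ranges just listed can be tied together in a small simulation. The following Python is an added example for this lesson, not code from the course or from any firewall product: a toy circuit-level gateway that applies a rule check to outbound packets, re-sources them from its external address while recording the mapping, reverses that mapping for replies, and drops unsolicited inbound traffic. An "Internet router" function models the lesson's statement that packets carrying a private source or destination are discarded. All addresses, ports and the allowed-port rule are constructed for illustration (the external address is taken from a documentation range, not a real deployment).

```python
import ipaddress
from dataclasses import dataclass

# The three private ranges from the lesson's table, expressed in CIDR form.
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(addr: str) -> bool:
    """True if addr falls inside one of the three private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


class CircuitGateway:
    """Toy circuit-level gateway (constructed for this example)."""

    def __init__(self, external_ip: str, allowed_dports):
        self.external_ip = external_ip
        self.allowed_dports = set(allowed_dports)
        self.next_port = 40000            # first external port handed out
        self.table = {}                   # external port -> (internal src, sport)
        self.reverse = {}                 # (src, sport, dst, dport) -> external port
        self.dropped = []                 # packets rejected by the rules

    def outbound(self, pkt: Packet):
        # Step 2: rule check. Only internal (private) sources going to a
        # permitted destination port are forwarded on the host's behalf.
        if not is_private(pkt.src) or pkt.dport not in self.allowed_dports:
            self.dropped.append(pkt)
            return None
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.reverse:       # new circuit: allocate an external port
            self.reverse[key] = self.next_port
            self.table[self.next_port] = (pkt.src, pkt.sport)
            self.next_port += 1
        ext_port = self.reverse[key]
        # Step 3: what the Internet sees carries the gateway's external address.
        return Packet(self.external_ip, ext_port, pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt: Packet):
        # Replies come back to the external address; anything that does not
        # match a circuit the gateway opened is dropped as unsolicited.
        if pkt.dst != self.external_ip or pkt.dport not in self.table:
            self.dropped.append(pkt)
            return None
        src, sport = self.table[pkt.dport]
        return Packet(pkt.src, pkt.sport, src, sport, pkt.payload)


def internet_router(pkt: Packet):
    """Models an Internet router: packets with a private source or destination go nowhere."""
    if is_private(pkt.src) or is_private(pkt.dst):
        return None
    return pkt


def round_trip(gw: CircuitGateway, client_pkt: Packet, reply_payload="HTTP/1.1 200 OK"):
    """Push a request out through the gateway and return the reply as the internal host sees it."""
    outer = gw.outbound(client_pkt)
    if outer is None:
        return None
    outer = internet_router(outer)
    if outer is None:
        return None
    # Constructed server reply: addresses and ports of the received packet, swapped.
    reply = Packet(outer.dst, outer.dport, outer.src, outer.sport, reply_payload)
    reply = internet_router(reply)
    return gw.inbound(reply)


if __name__ == "__main__":
    gw = CircuitGateway("203.0.113.10", allowed_dports={80, 443})
    req = Packet("10.1.2.3", 51515, "198.51.100.5", 80, "GET / HTTP/1.1")
    print("on the wire:", gw.outbound(req))
    print("reply to host:", round_trip(gw, req))
    print("untranslated:", internet_router(req))   # None: a 10.x source is discarded
```

Run it as a script to see the three views of one request: the packet as it appears on the Internet (gateway address and allocated port), the reply after the mapping is reversed, and the same request discarded when it reaches the Internet untranslated. The rule check and the translation table are the two pieces that give the gateway its "complete break" between inside and outside.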