What's the difference between proxy and firewall?

What's the difference between proxy and firewall? And can we integrate a nat or pat into a proxy or firewall?

intranet

samia

Posted 2011-05-09T20:39:00.060

Reputation: 87

Answers

A Proxy Server is a device that:

acts as an intermediary for requests from clients seeking resources from other servers.

A Firewall is a device that is:

designed to permit or deny network transmissions based upon a set of rules

The former just lets all traffic through regardless of source or destination and is a way of routing requests through known gateways and is often used to allow companies to log network traffic for example.

A proxy may include a firewall as part of it's functionality but it doesn't have to.

I would expect that Network Address Translation (NAT) and Port Address Translation (PAT) - which is basically the same thing - would be functionality that could be built in, but NAPT is more used on routers etc. to:

However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space.

ChrisF

Posted 2011-05-09T20:39:00.060

Reputation: 39 650

ok! can we integrate a nat/pat into a proxy or firewall? – samia – 2011-05-09T20:59:16.330

@samia - probably, but I'm not sure what "pat" stands for. – ChrisF – 2011-05-09T21:00:17.657

@Chris - pat is port address translation. – Matthew – 2011-05-09T21:04:04.403

@Matt - cheers. – ChrisF – 2011-05-09T21:04:47.323

@Chrisf (Port Adress Translation) like a nat(Network @ Transltion) used to associate a public adress to private ones to allow access on internet! becoz in our machines we have private @ and to access internet we need a public one!!! That's why a nat/pat are used for ;) – samia – 2011-05-09T21:05:21.363

@samia - you don't need PAT as such. NATing will do what you need with almost all firewall scenarios – Rory Alsop – 2011-05-09T21:08:51.407

NAT/PAT is something a router does, not a proxy or firewall. A firewall can block and open ports, the router actually does the traffic direction that you see with NAT/PAT. – MaQleod – 2011-05-09T21:16:27.383

@Rory: sorry but having a nat in such company is not enough to translate all private @!I think we need a pat to identify the location of a node in a network using its port otherwise when receiving a msg to send it to an x internal machine a nat cannot identify the destination??? If i'm wrong say to me please! – samia – 2011-05-09T21:16:48.407

Unless you have a very strange port lockdown on your machines NAT will absolutely do what you need. PAT is more for when you have a specific port restriction, but not commonly used the way you are describing – Rory Alsop – 2011-05-09T21:32:08.663

I can't underestand what you mean? could u pleaz repeate what's the difference between these 2 eqpmnt that you see? – samia – 2011-05-09T21:37:18.357

And can we integrate a nat or pat into a proxy or firewall?

Yes, Microsoft's Threat Management Gateway (TMG) is an example of a proxy & firewall wrapped into one.

uSlackr

Posted 2011-05-09T20:39:00.060

Reputation: 8 755

Hi uSlackr - could you revise answer to explain the differences? – Matthew – 2011-05-09T21:03:20.177

My answer is to the second part of his question. They can be integrated. – uSlackr – 2011-05-10T00:33:45.567

good point, I will change the vote. – Matthew – 2011-05-10T17:09:59.907

Proxies are used explicitly, for example a browser is configured to forward http requests to a proxy. A firewall is used implicitly, for example to drop some network connections. NAT works at the network level. NAT uses the same mechanisms as a stateful firewall to let a few machines appear with a single external IP address. Conceptually that makes NAT closer to a firewall. On the other hand the fact that a NAT rewrites packets (changing ports and addresses) is similar to a proxy changing ports and addresses and adjusting headers before relaying a request.

Tobu

Posted 2011-05-09T20:39:00.060

Reputation: 2 584

thank u! How to make an internal or a private network more secure, efficient and functional? Do we have to configurate all these equipmnt : PAT/NAT,Proxy,Firewall...??? – samia – 2011-05-09T21:32:43.230

Not all proxies are explicit. Consider the transparent proxy. Clients are not configured to use it, but their traffic is routed through it. – Xenoactive – 2011-05-10T02:50:11.190

@Xenoactive This kind of thing needs a different name. The HTTP spec defines proxies as used explicitly, and transparent proxies as proxies that don't alter the requests at all.

– Tobu – 2011-05-10T07:53:48.287