5
2
What's the difference between proxy and firewall? And can we integrate a nat or pat into a proxy or firewall?
5
2
What's the difference between proxy and firewall? And can we integrate a nat or pat into a proxy or firewall?
5
A Proxy Server is a device that:
acts as an intermediary for requests from clients seeking resources from other servers.
A Firewall is a device that is:
designed to permit or deny network transmissions based upon a set of rules
The former just lets all traffic through regardless of source or destination and is a way of routing requests through known gateways and is often used to allow companies to log network traffic for example.
A proxy may include a firewall as part of it's functionality but it doesn't have to.
I would expect that Network Address Translation (NAT) and Port Address Translation (PAT) - which is basically the same thing - would be functionality that could be built in, but NAPT is more used on routers etc. to:
However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space.
1
And can we integrate a nat or pat into a proxy or firewall?
Yes, Microsoft's Threat Management Gateway (TMG) is an example of a proxy & firewall wrapped into one.
Hi uSlackr - could you revise answer to explain the differences? – Matthew – 2011-05-09T21:03:20.177
My answer is to the second part of his question. They can be integrated. – uSlackr – 2011-05-10T00:33:45.567
good point, I will change the vote. – Matthew – 2011-05-10T17:09:59.907
1
Proxies are used explicitly, for example a browser is configured to forward http requests to a proxy. A firewall is used implicitly, for example to drop some network connections. NAT works at the network level. NAT uses the same mechanisms as a stateful firewall to let a few machines appear with a single external IP address. Conceptually that makes NAT closer to a firewall. On the other hand the fact that a NAT rewrites packets (changing ports and addresses) is similar to a proxy changing ports and addresses and adjusting headers before relaying a request.
thank u! How to make an internal or a private network more secure, efficient and functional? Do we have to configurate all these equipmnt : PAT/NAT,Proxy,Firewall...??? – samia – 2011-05-09T21:32:43.230
Not all proxies are explicit. Consider the transparent proxy. Clients are not configured to use it, but their traffic is routed through it. – Xenoactive – 2011-05-10T02:50:11.190
@Xenoactive This kind of thing needs a different name. The HTTP spec defines proxies as used explicitly, and transparent proxies as proxies that don't alter the requests at all.
– Tobu – 2011-05-10T07:53:48.287
ok! can we integrate a nat/pat into a proxy or firewall? – samia – 2011-05-09T20:59:16.330
@samia - probably, but I'm not sure what "pat" stands for. – ChrisF – 2011-05-09T21:00:17.657
@Chris - pat is port address translation. – Matthew – 2011-05-09T21:04:04.403
@Matt - cheers. – ChrisF – 2011-05-09T21:04:47.323
@Chrisf (Port Adress Translation) like a nat(Network @ Transltion) used to associate a public adress to private ones to allow access on internet! becoz in our machines we have private @ and to access internet we need a public one!!! That's why a nat/pat are used for ;) – samia – 2011-05-09T21:05:21.363
@samia - you don't need PAT as such. NATing will do what you need with almost all firewall scenarios – Rory Alsop – 2011-05-09T21:08:51.407
NAT/PAT is something a router does, not a proxy or firewall. A firewall can block and open ports, the router actually does the traffic direction that you see with NAT/PAT. – MaQleod – 2011-05-09T21:16:27.383
@Rory: sorry but having a nat in such company is not enough to translate all private @!I think we need a pat to identify the location of a node in a network using its port otherwise when receiving a msg to send it to an x internal machine a nat cannot identify the destination??? If i'm wrong say to me please! – samia – 2011-05-09T21:16:48.407
Unless you have a very strange port lockdown on your machines NAT will absolutely do what you need. PAT is more for when you have a specific port restriction, but not commonly used the way you are describing – Rory Alsop – 2011-05-09T21:32:08.663
I can't underestand what you mean? could u pleaz repeate what's the difference between these 2 eqpmnt that you see? – samia – 2011-05-09T21:37:18.357