With the development of firewall technology, firewalls that combine high security, easy operation and a friendly interface have gradually become the focus of the market. In this context, transparent mode and transparent proxy, which greatly simplify firewall configuration and improve security, have become important indicators of product performance. So when recommending their products, many manufacturers point out that they implement transparent mode and transparent proxy. What are transparent mode and transparent proxy, and how are they related? The analysis below addresses both questions.
Transparent mode, as the name suggests, is first of all transparent to the user: the user is not aware that the firewall exists. To achieve transparent mode, the firewall must work without an IP address: none needs to be configured for it, and the user does not know the firewall's IP address. As a physical device that actually exists, a firewall normally also acts as a router, so installing one means working out how to change the existing network topology or modify the routing tables that connect to the firewall to meet the user's actual needs, which increases the complexity and difficulty of the work. If the firewall runs in transparent mode, that is, without an IP address, the user does not have to reconfigure or modify routes, and the firewall can be installed and placed directly into the network, just as a switch needs no IP address.
A transparent-mode firewall behaves like a network bridge (a non-transparent firewall behaves like a router). Network devices (including hosts, routers, workstations, etc.) and all computer settings (including IP addresses and gateways) need not be changed, yet every packet passing through the firewall is still parsed, which increases network security and also reduces management complexity for the user.
The transparent proxy, whose name resembles transparent mode, can, like a traditional proxy, examine data more deeply than packet filtering does, for example the PORT command in FTP traffic. It is also a very fast proxy that physically separates the connections, and it can handle more complex protocol requirements, such as H.323 with its dynamic port allocation, or a connection that uses different command and data ports. Packet filtering cannot support such communication.
When a firewall uses transparent proxy technology, the proxy services are also transparent to the user: the user is not aware of the firewall yet can communicate between the internal and external networks. When internal users access external resources through the transparent proxy, they do not need to configure anything; the proxy server establishes a transparent channel so that users appear to communicate directly with the outside world, which is very convenient for them.
With an ordinary proxy server, each user must indicate in the client program that a proxy is to be used and set the proxy parameters (for example, a dedicated browser setting that names the HTTP or FTP proxy). With a transparent proxy service, users can use the proxy server without any settings, which simplifies network setup.
The principle of the transparent proxy is as follows. Suppose A is an internal network client, B is an external network server, and C is the firewall. When A requests a TCP connection to B, the firewall intercepts and monitors the request. When it finds that the connection needs to go through the proxy server, a connection between A and C is established first, and then the firewall sets up the corresponding proxy service channel and connects to target B, so that the data path between A and target address B runs through the proxy server. From the user's point of view, A is connected directly to B, whereas in fact A is connected to B through proxy server C. The principle is the same in reverse, when B makes a connection request to A. Because these connections are set up automatically, the client does not need to configure the proxy server manually, and the user is not even aware of its presence; the proxy is thus transparent to the user.
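The two-connection relay described above can be sketched as follows. This is an added example, not code from the original article; it assumes a Linux firewall whose netfilter rules redirect A's connection to C's listener (the article does not name an interception mechanism), and all function names are illustrative.

```python
import socket
import struct
import threading

# Assumption: Linux netfilter REDIRECT hands A's intercepted connection to C's listener.
SO_ORIGINAL_DST = 80  # socket option value from <linux/netfilter_ipv4.h>

def parse_sockaddr_in(raw):
    """Decode the 16-byte IPv4 sockaddr_in that SO_ORIGINAL_DST returns."""
    (port,) = struct.unpack_from("!H", raw, 2)   # sin_port, network byte order
    return socket.inet_ntoa(raw[4:8]), port      # (sin_addr, sin_port)

def original_dst(a_side):
    """Ask the kernel which address A dialled (B) before the redirect to C."""
    return parse_sockaddr_in(a_side.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def pump(src, dst):
    """Copy one direction until src closes, then pass the close on to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def splice(a_side, b_side):
    """Join connection A-C and connection C-B into one apparent A-B session."""
    back = threading.Thread(target=pump, args=(b_side, a_side), daemon=True)
    back.start()
    pump(a_side, b_side)
    back.join()
    a_side.close()
    b_side.close()

def handle(a_side, resolve=original_dst):
    """A-C is already accepted; open C-B to the address A intended, then relay."""
    b_side = socket.create_connection(resolve(a_side))
    splice(a_side, b_side)

def serve(listener, resolve=original_dst):
    """Accept loop for firewall C: one thread per intercepted connection."""
    while True:
        a_side, _peer = listener.accept()
        threading.Thread(target=handle, args=(a_side, resolve), daemon=True).start()
```

Because C terminates A's connection and opens its own to B, every byte crosses the proxy process, which is the point at which application-layer inspection can be applied.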
The proxy server can translate between internal and external addresses, hiding the details of the intranet so that malicious parties cannot probe the internal structure. The proxy server also provides special command filtering that prevents users from issuing unsafe commands that are prone to attack, fundamentally protecting against attacks.
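The FTP PORT inspection and the command filtering mentioned above can be combined in one control-channel check. This is an added example, not code from the original article or from any firewall product; the allowlist, the two PORT policy rules and the sample session are constructed for illustration, and the 227 reply parsing goes beyond the PORT case the text names.

```python
import ipaddress

# Constructed policy: commands the proxy will pass from client A to server B.
ALLOWED = {"USER", "PASS", "CWD", "PWD", "TYPE", "PASV", "PORT", "LIST", "RETR", "QUIT"}

def parse_hostport(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' (RFC 959 host-port) into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError("malformed host-port")
    nums = [int(p) for p in parts]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def inspect_command(line, client_ip):
    """Return (verdict, data_endpoint) for one control-channel line sent by A."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb not in ALLOWED:
        return "deny: command not allowed", None
    if verb != "PORT":
        return "allow", None
    try:
        ip, port = parse_hostport(arg)
    except ValueError:
        return "deny: malformed PORT", None
    # Assumed policy: the data connection must go back to the same client.
    if ipaddress.ip_address(ip) != ipaddress.ip_address(client_ip):
        return "deny: PORT names a third-party host", None
    if port < 1024:
        return "deny: PORT names a privileged port", None
    return "allow", (ip, port)  # the proxy now knows which data connection to expect

def inspect_reply(line):
    """Data endpoint announced by server B in a 227 (passive mode) reply, else None."""
    if not line.startswith("227 ") or "(" not in line or ")" not in line:
        return None
    return parse_hostport(line[line.index("(") + 1 : line.index(")")])

# Constructed sample session from client 192.0.2.10 (documentation addresses).
SESSION = ["USER demo", "PORT 192,0,2,10,19,137", "PORT 198,51,100,7,19,137", "DELE report.txt"]

def review(session, client_ip):
    """Verdict for each line of a session, in order."""
    return [inspect_command(line, client_ip)[0] for line in session]
```

A packet filter sees only addresses and ports, so it cannot learn the dynamically chosen data port; the proxy reads it from the command itself.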
A firewall that uses transparent proxy technology can also make its service ports undetectable, so the firewall itself cannot be attacked, which greatly enhances its security and resistance to attack. The transparent proxy avoids errors that may arise in setup or use, reduces the security risk and error probability inherent in operating a firewall, and is convenient for users.
Both transparent proxy and transparent mode therefore simplify firewall configuration and improve system security. But there is a fundamental difference between them: a firewall working in transparent mode uses transparent proxy technology, but transparent proxy is not the whole of transparent mode, and a firewall can also use transparent proxies in non-transparent mode. It is worth noting that although many firewall products on the domestic market provide a transparent proxy access mechanism, few offer true transparent mode. Many vendors claim that their firewall products are transparent, but in practice they do not implement transparent mode, only transparent proxies.