Transparent mode and transparent proxy for firewalls

Source: Internet
Author: User

As firewall technology has developed, firewalls that combine high security, easy operation and a friendly interface have gradually become the focus of the market. Against this background, transparent mode and transparent proxying, which greatly simplify firewall configuration and improve security, have become an important measure of product quality. When recommending products, many vendors therefore point out that their products implement transparent mode and transparent proxying. So what are transparent mode and the transparent proxy, and how are they related? The analysis below looks at each in turn.

As the name suggests, the first characteristic of transparent mode is that it is transparent to the user: the user is not aware that the firewall exists. To achieve this, the firewall must work without an IP address. No IP address needs to be configured on it, and the user does not know the firewall's IP address. A firewall is a real physical device that also performs routing, so installing one means working out how to change the existing network topology or modify the routing tables of the devices connected to it to meet the user's actual needs, which makes the work more complex and difficult. If the firewall uses transparent mode, that is, runs without an IP address, the user does not have to reset or modify any routes. The firewall can be installed and placed directly into the network, just as a switch needs no IP address.

A transparent-mode firewall behaves like a network bridge (a non-transparent firewall behaves like a router). Network devices (including hosts, routers and workstations) and all computer settings (including IP addresses and gateways) need not be changed, yet every packet passing through the firewall is parsed, which increases network security while also reducing management complexity for the user.

Similar in name to transparent mode is the transparent proxy. Like a traditional proxy, it can inspect data more deeply than packet filtering can, for example the PORT command in FTP packets. It is also a very fast proxy that physically separates connections and can support more complex protocol requirements, such as H.323 with its dynamic port allocation, or a connection with separate command and data ports. Packet filtering cannot handle such communication.
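An added example, not from the original article: a Python sketch of the command-channel inspection described above, where the proxy parses an FTP PORT command (RFC 959) and opens a one-shot permission for the matching data connection. The names `inspect_port_command` and `Pinholes` and the two policy checks (the data address must be the control connection's peer, no ports below 1024) are assumptions of this example.

```python
import ipaddress
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$", re.I)

class PortRejected(Exception):
    """The PORT command violates the proxy's policy and must not be forwarded."""

def inspect_port_command(line: bytes, client_ip: str):
    """Return the (ip, port) the client asked the server to connect back to."""
    m = PORT_RE.match(line)
    if not m:
        raise PortRejected("malformed PORT command")
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        raise PortRejected("field out of range")
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    # Assumed policy: the data address must be the control connection's peer
    if ipaddress.ip_address(ip) != ipaddress.ip_address(client_ip):
        raise PortRejected("PORT address is not the control-connection peer")
    # Assumed policy: never open a pinhole to a well-known service port
    if port < 1024:
        raise PortRejected("privileged data port requested")
    return ip, port

class Pinholes:
    """One-shot permissions for data connections announced on the command channel."""

    def __init__(self):
        self._open = set()

    def learn(self, line: bytes, client_ip: str, server_ip: str):
        ip, port = inspect_port_command(line, client_ip)
        self._open.add((server_ip, ip, port))
        return ip, port

    def permits(self, src_ip: str, dst_ip: str, dst_port: int) -> bool:
        key = (src_ip, dst_ip, dst_port)
        if key in self._open:
            self._open.discard(key)  # single use: the next transfer needs a new PORT
            return True
        return False
```

A static packet filter has no way to know port 5001 in the test input below is about to be used, which is why the article says this traffic needs a proxy that reads the command channel.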

When a firewall uses transparent proxy technology, the proxy services are also transparent to the user: internal and external network communication completes without the user being aware that the firewall exists. When internal users access external resources through the transparent proxy, they do not need to configure anything. The proxy server establishes a transparent channel so that, from the user's side, communication with the outside world is direct, which is much more convenient for the user.

With an ordinary proxy server, each user has to tell the client program to use the proxy by setting proxy parameters (for example, a dedicated browser setting that names the HTTP or FTP proxy). With a transparent proxy service, the user can use the proxy server without any settings, which simplifies network setup.

The principle of the transparent proxy is as follows. Suppose A is a client on the internal network, B is a server on the external network, and C is the firewall. When A connects to B, the TCP connection request is intercepted and monitored by the firewall. When the firewall finds that the connection should use the proxy server, a connection between A and C is established first, and then the firewall sets up the corresponding proxy service channel and connects to target B, which creates a data path between A and target address B through the proxy server. From the user's point of view the connection between A and B is direct, whereas A is actually connected to B through proxy server C. Conversely, the principle is the same when B makes a connection request to A. Because these connections are set up automatically, the client does not need to configure the proxy server manually and the user is not even aware that it is present, so the proxy is transparent to the user.
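An added example, not from the original article: C's side of the A, C, B exchange as a Python sketch. It assumes a Linux firewall where a netfilter NAT redirect rule delivers A's connections to the proxy's listening socket, so B's address is recovered with the `SO_ORIGINAL_DST` socket option. The function names are hypothetical and only IPv4 is handled.

```python
import socket
import struct
import threading

SO_ORIGINAL_DST = 80  # <linux/netfilter_ipv4.h>; not exported by Python's socket module

def decode_sockaddr_in(raw: bytes):
    """Decode a struct sockaddr_in (family, port, IPv4 address) into (ip, port)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]   # host byte order
    port = struct.unpack_from("!H", raw, 2)[0]     # network byte order
    if family != socket.AF_INET:
        raise ValueError("not an IPv4 address")
    return socket.inet_ntoa(raw[4:8]), port

def original_destination(conn_a: socket.socket):
    """Ask conntrack where A was connecting before the redirect (that is B)."""
    return decode_sockaddr_in(conn_a.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))

def pump(src: socket.socket, dst: socket.socket):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(conn_a: socket.socket):
    """C's role: A is already connected to us; open a second connection to B and relay."""
    with conn_a:
        target = original_destination(conn_a)
        if target == conn_a.getsockname():
            return  # aimed at the proxy itself: relaying would loop back to us
        with socket.create_connection(target, timeout=10) as conn_b:
            conn_b.settimeout(None)  # the timeout applies to connecting only
            back = threading.Thread(target=pump, args=(conn_b, conn_a), daemon=True)
            back.start()
            pump(conn_a, conn_b)
            back.join()
```

A never names C anywhere: the two TCP connections (A to C, C to B) are what the article calls physically separated connections, and `handle` is the point where per-protocol inspection would be applied to the relayed bytes.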


