Security Basics mailing list archives

Re: Application Firewall


From: "Bryan S. Sampsel" <bsampsel () libertyactivist org>
Date: Fri, 18 Jul 2008 09:20:04 -0600 (MDT)

Actually, that's not quite true.  The BlueCoat is a specialized device
that protects one thing.  However, I would not deploy it in the open on
its own, as I would a Borderware or Sidewinder firewall.

It's an application proxy, but it is not a full firewall in and of itself.

A Sidewinder, even before they added packet filter capabilities, does
qualify as a firewall.  As did the old Raptor and Gauntlet firewalls.

The Cisco ASA is a stateful packet inspection firewall, but does not
protect the upper areas of the OSI model.  Nor does it present a hardened
IP stack between two ends of a protected connection.  It filters the
connection, but when a connection is allowed, it is directly connected to
the end point.

Whereas, with the Sidewinder Firewall, if an FTP proxy is sitting between
the client and server, the client connects to the proxy and hardened IP
stack of the Sidewinder.  The Sidewinder's proxy, which does have some
additional protections/limitations that can be configured, then initiates
the connection to the server on behalf of the client.  Even when using a
"generic" proxy, at the very minimum, the client is protected by the
hardened IP stack of the Sidewinder.

While a straight packet filter firewall has its place, it does not protect
to the same extent.


aditya mukadam wrote:
Application level firewalls are actually not firewalls but can be
called intelligent proxies. Cisco ASA is a stateful firewall.

I know of the BlueCoat proxy, which would be categorized as an
application level firewall.
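
Added example, not part of the original messages and not code from any product named above: a sketch of the FTP proxy behaviour the reply describes, where the client's connection ends at the proxy and only parsed, policy-checked commands are re-issued on a second connection the proxy owns. The command allowlist, the line-length cap and the names inspect and proxy_session are assumptions made for illustration; the sketch covers the client-to-server command direction.

```python
import socket

# Assumption: a read-only FTP policy chosen for illustration, not a vendor default.
ALLOWED = {b"USER", b"PASS", b"PWD", b"CWD", b"TYPE", b"PASV", b"LIST", b"RETR", b"QUIT"}
MAX_LINE = 512  # assumption: cap on control-channel line length


def inspect(line: bytes):
    """Return the normalized command line to forward, or None to reject it."""
    if len(line) > MAX_LINE or any(b < 0x20 or b > 0x7E for b in line):
        return None  # overlong line, or control / non-ASCII bytes
    verb, _, arg = line.partition(b" ")
    verb = verb.upper()
    if verb not in ALLOWED:
        return None
    return verb + (b" " + arg if arg else b"") + b"\r\n"


def proxy_session(client: socket.socket, server: socket.socket) -> int:
    """Relay client commands to the server; return how many were rejected.

    `client` is the connection terminated at the proxy; `server` is the separate
    connection the proxy opened itself. No client bytes are copied unparsed.
    """
    rejected, buf = 0, b""
    while True:
        chunk = client.recv(4096)
        if not chunk:
            break
        buf += chunk
        while b"\n" in buf:
            raw, buf = buf.split(b"\n", 1)
            out = inspect(raw.rstrip(b"\r"))
            if out is None:
                rejected += 1
                client.sendall(b"500 Command rejected by proxy\r\n")
            else:
                server.sendall(out)  # re-issued by the proxy, not passed through
        if len(buf) > MAX_LINE:  # unterminated overlong line: end the session
            client.sendall(b"500 Line too long\r\n")
            return rejected + 1
    return rejected
```

A stateful packet filter that permitted the same session would pass all of the client's lines to the server unchanged, since it never parses the control channel.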


