Proxy vs Hardware Firewall

travisdh1

TL:DNR Both, you want both.

Proxy servers can be used for a number of different things. Most common are local cache for popular sites and controlling what websites and/or services are made available to users. Hardware firewalls should be doing things like SPI (statefull packet inspection), IPS (intrusion prevention system), IDS (intrusion detection system), etc.

scottalanmiller

@Lakshmana said:

What is the difference between he Proxy server and Hardware Firewall?

They are not overlapping things so it is not about what is different, it is about "what is each of them?"

Firewall is the thing that blocks communications from coming through between networks. This is a layer 4 device and will block by port or address. It's a pure security device.

Proxy is a server that does things on behalf of another machine. A standard proxy is a web proxy used for many machines to contact that then talks to web servers on their behalf. This is used for security, monitoring, caching and more. A proxy is useless for security unless you also have a firewall.

scottalanmiller

Both are broad concepts. There are reverse proxies too that sit in front of web servers. Jump Servers are a form of proxy.

wrx7m

UTM can combine these things and others into a single physical appliance or a virtual one.

JaredBusch

@wrx7m said:

UTM can combine these things and others into a single physical appliance or a virtual one.

I severely dislike UTM devices. I prefer things to be on their own box.

dafyre

@JaredBusch said:

@wrx7m said:

UTM can combine these things and others into a single physical appliance or a virtual one.

I severely dislike UTM devices. I prefer things to be on their own box.

There's something to be said for that. Out of 2 UTM appliances (Fortigate and commercial smoothwall setup), I was never able to enable all of the features or traffic would come to a screeching halt -- even if the boxes were "appropriately sized" for our network.

wrx7m

I like my Sophos UTM SG 210. For an SMB, this thing is great!

scottalanmiller

@dafyre said:

@JaredBusch said:

@wrx7m said:

UTM can combine these things and others into a single physical appliance or a virtual one.

I severely dislike UTM devices. I prefer things to be on their own box.

There's something to be said for that. Out of 2 UTM appliances (Fortigate and commercial smoothwall setup), I was never able to enable all of the features or traffic would come to a screeching halt -- even if the boxes were "appropriately sized" for our network.

Netgear, too. Their ProSecure slows you down a LOT.

scottalanmiller

@JaredBusch said:

@wrx7m said:

UTM can combine these things and others into a single physical appliance or a virtual one.

I severely dislike UTM devices. I prefer things to be on their own box.

Same here.

coliver

@JaredBusch said:

@wrx7m said:

UTM can combine these things and others into a single physical appliance or a virtual one.

I severely dislike UTM devices. I prefer things to be on their own box.

I learned this the hard way. Would never go back to a UTM now.