Application Gateway vs. Circuit Level Gateway: A Detailed Comparison
This article compares Application Gateways and Circuit Level Gateways, highlighting their differences and features, along with packet filters.
Application Gateway
- An Application Gateway is a host that runs a proxy service. This is particularly useful because packet-filtering routers often don’t allow TELNET and FTP connections. Application Gateways work in conjunction with packet filtering routers to provide both high security and flexibility.
- When a user needs to make an inbound connection to a site, they first connect to the Application Gateway, and from there to the destination host.
- Benefits: Application Gateways offer several advantages, including:
  - Information hiding (protecting internal network details).
  - Robust authentication and logging.
  - Cost-effectiveness.
  - Simpler filtering rules.
- Disadvantages: The main drawbacks are:
  - TELNET connectivity requires two steps (connecting to the gateway, then to the destination), whether inbound or outbound.
  - Users need to connect to the firewall rather than directly to the host.
- Examples: TELNET, FTP, E-mail
Circuit Level Gateway
- A Circuit Level Gateway relays TCP connections.
- Crucially, it doesn’t perform any processing or filtering of the protocol itself.
- Example #1: An NNTP server and an NNTP client both connect to the firewall. After the connection is established, they communicate as if they were connected directly: the firewall does not interpret the NNTP traffic and simply passes bytes between the end systems.
- Example #2: After a connection is established using an application gateway, the firewall simply passes bytes between the hosts. This demonstrates circuit level gateway functionality.
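
The difference between the two gateway types shows up when the same FTP control session passes through each. The following Python sketch is an added example, not code from the original article; the policy sets, addresses, host name and session bytes are constructed for illustration, and in-memory socket pairs stand in for the client and server connections.

```python
import socket

# Constructed policy and traffic, for illustration only.
ALLOWED_CIRCUITS = {("10.0.0.5", "ftp.example.org", 21)}  # (client, dest, port)
ALLOWED_FTP_VERBS = {"USER", "PASS", "LIST", "RETR", "QUIT"}
SESSION = (b"USER alice\r\nPASS constructed-password\r\n"
           b"DELE report.txt\r\nRETR report.txt\r\nQUIT\r\n")

def circuit_relay(src, dst, circuit, log):
    """Circuit-level gateway: one decision per connection, then blind byte copy."""
    if circuit not in ALLOWED_CIRCUITS:
        log.append(("deny-circuit",) + circuit)
        return
    log.append(("open-circuit",) + circuit)
    while chunk := src.recv(4096):
        dst.sendall(chunk)  # payload is never parsed

def ftp_application_relay(src, dst, client_ip, log):
    """Application gateway: parse every FTP command, log it, drop disallowed verbs."""
    with src.makefile("rb") as stream:
        for line in stream:
            verb = line.split(b" ", 1)[0].strip().decode("ascii", "replace").upper()
            allowed = verb in ALLOWED_FTP_VERBS
            # Log the verb only, so credentials never reach the log.
            log.append(("allow" if allowed else "block", client_ip, verb))
            if allowed:
                dst.sendall(line)

def run(relay, who):
    """Push SESSION through a relay over in-memory sockets; return (server bytes, log)."""
    client, gw_in = socket.socketpair()
    gw_out, server = socket.socketpair()
    log = []
    client.sendall(SESSION)
    client.close()  # EOF ends the relay loop
    relay(gw_in, gw_out, who, log)
    gw_in.close()
    gw_out.close()
    received = b"".join(iter(lambda: server.recv(4096), b""))
    server.close()
    return received, log

if __name__ == "__main__":
    for relay, who in ((circuit_relay, ("10.0.0.5", "ftp.example.org", 21)),
                       (ftp_application_relay, "10.0.0.5")):
        received, log = run(relay, who)
        print(relay.__name__, received, log, sep="\n  ")
```

The circuit relay produces a single log entry for the whole connection and delivers the DELE command untouched, while the application relay logs five per-command decisions and the server never sees DELE.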
Application Gateway vs. Circuit Level Gateway vs. Packet Filters: A Table
The following table summarizes the differences between Application Gateways, Circuit Level Gateways, and Packet Filters:
Feature | Packet Filters | Application Gateway | Circuit Level Gateway |
---|---|---|---|
Security | Simple and least secure | Most secure approach | More secure than packet filter but not as secure as application gateway |
Implementation | Many routers provide this functionality | Unique program for each application | Relay TCP connections |
Packet Handling | Passes or rejects packets based on rules | Good for authentication and logging | Passes byte streams after initial connection |
Access Control | Permission granted by port address | | |
Manageability | Hard to manage | | |
Transparency | Not always transparent to users | | |
Application Awareness | No application level checking | Can understand what is carried in the packet | |
Error Potential | Easy to make mistakes | | |
Common Uses | Used for email, FTP, TELNET, WWW | | |
Filtering Rules | | | |
Authentication and Logging | Good for authentication and logging | | |