Application Gateway vs. Circuit Level Gateway: A Detailed Comparison

This article compares Application Gateways and Circuit Level Gateways, highlighting their differences and features, along with packet filters.

Application Gateway

• An Application Gateway is a host that runs a proxy service. This is particularly useful because packet-filtering routers often don’t allow TELNET and FTP connections. Application Gateways work in conjunction with packet filtering routers to provide both high security and flexibility.
• When a user needs to connect to an inbound site, they first connect to the Application Gateway, and then to the destination host.
• Benefits: Application Gateways offer several advantages, including:
  • Information hiding (protecting internal network details).
  • Robust authentication and logging.
  • Cost-effectiveness.
  • Simpler filtering rules.
• Disadvantages: The main drawbacks are:
  • TELNET connectivity requires two steps (connecting to the gateway, then to the destination), whether inbound or outbound.
  • Users need to connect to the firewall rather than directly to the host.
• Examples: TELNET, FTP, E-mail

Circuit Level Gateway

• A Circuit Level Gateway relays TCP connections.
• Crucially, it doesn’t perform any processing or filtering of the protocol itself.
• Example #1: An NNTP server and an NNTP client both connect to the firewall. After the connection is established, they can communicate directly, bypassing the firewall for the data transfer. The firewall simply passes bytes between the end systems.
• Example #2: After a connection is established using an application gateway, the firewall simply passes bytes between the hosts. This demonstrates circuit level gateway functionality.

Application Gateway vs. Circuit Level Gateway vs. Packet Filters: A Table

The following table summarizes the differences between Application Gateways, Circuit Level Gateways, and Packet Filters: