Chapter 9 Configuring Proxied Services - Watchguard Firebox X1000 User Manual

Configuring Proxied
CHAPTER 9
Services
Proxy filtering goes a step beyond packet filtering by
examining a packet's content, not just the packet's
header. Consequently, the proxy determines whether a
forbidden content type is hidden or embedded in the
data payload. For example, an email proxy examines
all SMTP packets to determine whether they contain
forbidden content types, such as executable programs
or items written in scripting languages. Such items are
common methods of transmitting computer viruses.
The SMTP proxy knows these content types are not
allowed, while a packet filter would not detect the
unauthorized content in the packet's data payload.
Proxies work at the application level, while packet fil-
ters work at the network and transport protocol level.
In other words, each packet processed by a proxy is
stripped of all network wrapping, analyzed,
rewrapped, and forwarded to the intended destina-
tion. This adds several layers of complexity and pro-
cessing beyond the packet filtering process. What this
means, of course, is that proxies use more processing
bandwidth than packet filters. On the other hand, they
User Guide 135