Application gateway

By checking content at the application level, application gateways supplement the address validation of the packet filter and the connection monitoring of stateful packet inspection. As a rule, the high demands on hardware performance require the application gateway to run on a separate computer. This computer is located between the local network and the Internet. Seen from either direction, it is the only way to exchange data with the other network. There is no direct connection between the two networks, only a connection from each network to the application gateway.





The application gateway acts as a proxy for each of the two networks. Another name for this is a "dual-homed gateway" as this computer is, so to speak, at home in two networks.

A dedicated service is set up on the gateway for each of the permitted applications, such as SMTP for mail, HTTP for surfing the Internet, or FTP for data download.





This service accepts the data arriving from one side and maps it to the other side. What at first glance looks like a rather superfluous mirroring of data actually represents the basic concept of application gateways: There is never a direct connection between a client on the local network and a server on the Internet. The computers in the LAN can only "see" the proxy, and the same applies to the computers on the Internet. This physical separation of LAN and WAN makes it much harder for an attacker to invade the protected network.

Put in terms of our earlier doorman example, the parcel in this case is delivered at the gate and the courier may not even enter the company premises. The doorman accepts the parcel, opens it after checking the address and delivery note, and checks the contents. Once the parcel has cleared all these hurdles, an in-house messenger takes the parcel directly to the recipient in the company. The messenger thus becomes the representative of the courier on the company premises. Conversely, employees who want to send a parcel must call the doorman, who has the parcel picked up at the workplace and handed over to an appointed courier at the gate.
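
The per-application service and the doorman's checks described above, as an added Python example that is not LANCOM code: an HTTP service terminates the client request, inspects it, and builds a new request for the other side instead of passing bytes through. The allowlists, the size limit and the upstream() callable (standing in for the gateway's second, separate connection) are assumptions made for this sketch.

```python
# Added example: one per-application service (HTTP) on an application gateway.
# Host names, limits and the upstream() callable are constructed assumptions.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.org"}
MAX_BODY = 4096

class Rejected(Exception):
    """Raised when a request fails inspection at the gateway."""

def parse_request(raw: bytes):
    """Open the parcel: split the client's bytes into protocol fields."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise Rejected("incomplete header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        raise Rejected("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Conservative policy: whitespace around a name or a repeated name is refused.
        if not colon or not name or name != name.strip() or name.lower() in headers:
            raise Rejected("malformed or duplicate header")
        headers[name.lower()] = value.strip()
    return parts[0], parts[1], headers, body

def inspect(method, target, headers, body):
    """Check address and contents against the gateway policy."""
    if method not in ALLOWED_METHODS:
        raise Rejected("method not permitted")
    if headers.get("host") not in ALLOWED_HOSTS:
        raise Rejected("destination not permitted")
    if not target.startswith("/") or not target.isprintable() or "transfer-encoding" in headers:
        raise Rejected("unsupported request form")
    length = headers.get("content-length", "0")
    if not length.isdigit() or int(length) != len(body) or len(body) > MAX_BODY:
        raise Rejected("body length mismatch or too large")

def gateway(raw: bytes, upstream) -> bytes:
    """Terminate the client side, then send a newly built request upstream."""
    try:
        method, target, headers, body = parse_request(raw)
        inspect(method, target, headers, body)
    except Rejected as why:
        return f"HTTP/1.1 403 Forbidden\r\n\r\n{why}\n".encode()
    # Only parsed, checked fields are re-emitted; client bytes are never copied through.
    fresh = (f"{method} {target} HTTP/1.1\r\nHost: {headers['host']}\r\n"
             f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n").encode() + body
    return upstream(headers["host"], fresh)
```

Because the outbound request is rebuilt from checked fields, headers the policy does not know about never reach the server, and a refused request never causes any traffic on the other side.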

Note: The function of an application gateway is not supported by the device due to the high demands on the hardware.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
