An application proxy is one of the most secure firewall types that can be deployed. It sits between the protected network and the rest of the world. Every packet that is sent outbound is intercepted by the proxy, which initiates its own request and processes the response. If the packet is not a threat, the response is relayed back to the user. Thus, clients and servers never interact directly, and the entire content of the packet can be inspected byte by byte if necessary. Application content such as Java code can be checked in a Java sandbox to assess its effects before the packet is passed on to a host.
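The intercept, re-request, inspect and relay flow described above, as an added example that is not part of the original article. It runs entirely on loopback; the names `Origin`, `Proxy`, `verdict` and `fetch_via_proxy`, the sample paths, and the choice to hold Java bytecode with a 403 (standing in for a real sandbox run) are assumptions made for the demonstration.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # first four bytes of a compiled Java class file
# Constructed sample content for a stand-in origin server on loopback.
ORIGIN_CONTENT = {"/page": b"<html>hello</html>",
                  "/Applet.class": JAVA_CLASS_MAGIC + b"constructed class body"}
# Empty ProxyHandler: ignore system proxy settings so the demo stays on 127.0.0.1.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def verdict(body):  # byte-level inspection: Java bytecode is held for sandbox review
    return "hold" if body.startswith(JAVA_CLASS_MAGIC) else "allow"

class Base(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo quiet
    def reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Origin(Base):  # the "rest of the world"
    def do_GET(self):
        body = ORIGIN_CONTENT.get(self.path)
        self.reply(404 if body is None else 200, body or b"")

class Proxy(Base):
    origin_port = None  # set by fetch_via_proxy
    def do_GET(self):
        try:  # the proxy makes its own request; the client never touches the origin
            with OPENER.open(f"http://127.0.0.1:{self.origin_port}{self.path}", timeout=5) as r:
                body = r.read()
        except urllib.error.URLError:
            return self.reply(502, b"upstream error")  # fail closed
        ok = verdict(body) == "allow"  # relay only inspected, benign content
        self.reply(200 if ok else 403, body if ok else b"held for sandbox inspection")

def fetch_via_proxy(path):
    servers = [HTTPServer(("127.0.0.1", 0), h) for h in (Origin, Proxy)]
    Proxy.origin_port = servers[0].server_port
    for s in servers:
        threading.Thread(target=s.serve_forever, daemon=True).start()
    try:  # the client only ever talks to the proxy's port
        with OPENER.open(f"http://127.0.0.1:{servers[1].server_port}{path}", timeout=5) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()
    finally:
        for s in servers:
            s.shutdown()
```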
What does this mean for an SMB?
Application proxies are usually found in firewalls. The main deterrent to an application proxy firewall is the performance hit this technology imposes on throughput. Most firewalls today are stateful inspection firewalls, which can pass more traffic more quickly while still performing some (but not all) of the checks and security measures present in an application proxy based firewall. Since stateful inspection firewalls have come a long way in security protections, they represent the majority of firewalls on the market today. There is therefore less demand in all businesses (Enterprise, Mid-market, and SMB) for application proxy based firewalls.
All businesses should consider using application proxies for all Internet traffic being passed into the business network. Even when this traffic is passed to a De-Militarized Zone (DMZ), you should consider an application proxy to inspect and validate that the traffic is legitimate and benign.