Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
only the one with the correct delivery note will pass. Likewise, a second courier demanding access to the employee will be rejected, too.
Application Gateway
By checking content at the application level, Application Gateways extend the address checking of packet filters and the connection monitoring of Stateful Packet Inspection. Because of its high demands on hardware performance, the Application Gateway usually runs on a separate workstation. This workstation sits between the local network and the Internet. Seen from either side, it is the only way to exchange data with the other network. There is no direct connection between the two networks, only a connection from each of them to the Application Gateway.
The Application Gateway is thus a kind of proxy for each of the two networks. Another term for this arrangement is the "dual-homed gateway", because the workstation is, so to speak, at home in two networks.
For each application that is to be allowed through this gateway, a separate service is set up, e.g. SMTP for mail, HTTP for surfing the Internet or FTP for data downloads.
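The per-application services described above can be sketched as a small in-memory model. This is an added illustration, not code from the LANCOM manual or LCOS; the service names, the permitted command sets and the sample traffic are assumptions constructed for the example.

```python
"""Toy model of an application gateway: one proxy service per allowed application."""

# Assumed policy: the commands each proxy service lets through.
SMTP_COMMANDS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
FTP_DOWNLOAD_COMMANDS = {"USER", "PASS", "CWD", "PWD", "TYPE", "PASV", "LIST", "RETR", "QUIT"}
HTTP_METHODS = {"GET", "HEAD", "POST"}

def check_verb(line, allowed, name):
    """Return None if the leading command word is allowed, else a reason string."""
    verb = line.split(" ", 1)[0].upper()
    return None if verb in allowed else f"{name} command {verb!r} not permitted"

def check_http(line):
    """Validate the shape of an HTTP request line, then its method."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return "malformed HTTP request line"
    return None if parts[0] in HTTP_METHODS else f"HTTP method {parts[0]!r} not permitted"

# One service per application allowed through the gateway; FTP is download-only.
SERVICES = {
    "smtp": lambda l: check_verb(l, SMTP_COMMANDS, "SMTP"),
    "ftp": lambda l: check_verb(l, FTP_DOWNLOAD_COMMANDS, "FTP"),
    "http": check_http,
}

def relay(service, line, outbox):
    """Inspect one application-level line; re-send it to the other side only if it passes."""
    line = line.rstrip("\r\n")
    checker = SERVICES.get(service)
    if checker is None:
        return False, f"no proxy service for {service!r}"
    problem = checker(line)
    if problem:
        return False, problem
    outbox.append(line + "\r\n")  # the gateway itself originates the outgoing data
    return True, "forwarded"

def run_demo():
    """Run constructed sample traffic through the gateway."""
    traffic = [("smtp", "MAIL FROM:<a@example.org>\r\n"), ("ftp", "RETR report.pdf"),
               ("ftp", "STOR upload.bin"), ("http", "GET / HTTP/1.1"),
               ("http", "CONNECT host.example:443 HTTP/1.1"), ("telnet", "login")]
    outbox = []
    results = [relay(service, line, outbox)[0] for service, line in traffic]
    return results, outbox

if __name__ == "__main__":
    print(run_demo())
```

The upload, the disallowed HTTP method and the application without a configured service are all dropped at the gateway; only inspected data is re-sent to the other network.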
This service accepts data received from either of the two sides and reproduces it to the respective other side. What seems at first sight to be a needless mirroring of existing data is, on closer examination, the far-reaching concept of
[Figure: Internet, Application gateway (Mail/SMTP, HTTP, FTP), Local network]