Weak current College】 【firewall transparent mode and transparent proxy.

<br> <br> The development of skills as a firewall, security, easy to operate, user-friendly firewall gradually become market hotspots. In this case, you can greatly simplify firewall configuration, improve the safety performance of transparent and transparent proxy will .become the primary measure of product performance indicators. So in the selection of products of the process, many manufacturers tend to introduce their products to achieve a transparent mode and a transparent proxy. So just what is transparent and transparent proxy? they are what ties between .? let's do specific analysis. <br> Transparent mode, as the name suggests, the most important characteristic is transparent to the user (Transparent), that is, users don't realize the presence of a firewall. In order to achieve transparent mode ., the firewall must in no case of IP addresses, it is not necessary to configure the IP address, the user does not know the IP address of the firewall. Firewall as the physical device itself also plays the role of the routing, so for users .to install a firewall, you need to consider how to alter its original network topology or modify Connection Firewall routing table to make the user's actual need, so you added the work complexity and difficulty. But if the firewall using the transparent mode, that is, .using an IP forms running, users will not have to reset and modify routing, firewalls can install and use the network, such as the switch does not have to configure the IP address. <br> Transparent mode of the firewall as a network bridge ( .non-transparent firewall as a router), the network equipment (including hosts, routers, workstations, etc) and all the computer's configuration (including IP address and gateway) analyses without changes, all packets through it, added network security, and reduces the .complexity of the user management. <br> With transparent mode in terms similar to the transparent proxy, and the traditional agent, can be better than packet filtering a deeper examination of data information, such as the FTP port command of the package. At the .same time it is also a very fast proxy, physically separating the connection, this can provide more complex protocols requiring, for example, with dynamic port allocation of H.323, or one with a different command port and data port connections. This communication is .the packet filtering will not be able to complete. <br> Firewall using a transparent proxy skills, these agents service is transparent to the user doesn't realize the presence of a firewall, you can complete internal and external network communications. When an internal .user to use the transparent proxy access external resources, users do not need to perform the configuration, the proxy server will establish transparent channel, allowing users to communicate directly with the outside world, this great place is the use of the user. <br> .General use of a proxy server, each user in the client program to use the proxy specified in their configuration Proxy parameters (such as in the reader have special configuration to specify the HTTP or FTP proxy). The transparent proxy service, the user does not .need any configuration you can use a proxy server that simplifies network configuration process. <br> The principle of transparent proxy as follows: suppose A client for the internal network to an external network, B, C as the firewall server. When A connection request .on the having B, the TCP connection request is firewall interception and monitoring. Interception when found to be using a proxy server connection, the A and C to establish a connection between the first, and then a firewall to establish the appropriate proxy service channel and .target B establish a connection, thereby establishing A through a proxy server and the destination address B channels of data transmission. From a user perspective, A and B of the connection is direct, in fact A is through a proxy server C and B establish a .connection. Conversely, when B on A principle of a connection request is the same. Because the connection process is automatic, not need client manually configure a proxy server, or the user does not know the existence of the proxy server, which is transparent to .the user. <br> Proxy servers can do the conversion, and outside address masks the details of the internal network so that illegal elements cannot ascertain internal structure. Proxy server with special filter command, you can prevent users from using easily attack of unsafe commands ., fundamentally against attacks. <br> Firewall using a transparent proxy, you can make the firewall service port does not detect and cannot execute the attack on the firewall, greatly improving the the firewall security and resistance to aggressive. Transparent proxy prevents configuration or application .may appear incorrect application of the reduced firewall inherent in security crises and error probability, user-friendly application. <br> Therefore, a transparent proxy and transparent mode can simplify the configuration of the firewall to improve system security. But in between there are essential .differences: work in a transparent mode of the firewall using a transparent proxy of skills, but the transparent proxy is not a transparent mode of all, the firewall in the non-transparent mode or you can use the transparent proxy. Worthy of notice that, .although the domestic market, many firewall products can provide the transparent proxy access mechanism, but the real implementation of transparent mode but not more - a lot of manufacturers have declared that their firewall product enables transparent mode, but in actual use, they tend to do .this, but merely enables a transparent proxy. <br>.