Also known as application proxy or application-level proxy, an application gateway is an application program that runs on a firewall system between two networks. When a client program establishes a connection to a destination service, it connects to an application gateway, or proxy. The client then negotiates with the proxy server in order to communicate with the destination service. In effect, the proxy establishes the connection with the destination behind the firewall and acts on behalf of the client, hiding and protecting individual computers on the network behind the firewall. This creates two connections: one between the client and the proxy server and one between the proxy server and the destination. Once connected, the proxy makes all packet-forwarding decisions. Since all communication is conducted through the proxy server, computers behind the firewall are protected.
While this is considered a highly secure method of firewall protection, application gateways require more memory and processor resources than other firewall technologies, such as stateful inspection.
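The two-connection model described above, sketched as an added example (not code from the original entry or from any particular firewall product): the client negotiates a destination with the gateway, the gateway applies its own policy, and only then opens the second connection and relays. The `CONNECT host:port` line, the reply strings, the `ALLOWED` set and the host names are assumptions made for illustration.

```python
import contextlib
import socket
import threading

# Constructed policy: the only (host, port) pairs clients may reach.
ALLOWED = {("intranet.example", 80)}

def read_line(sock, limit=256):
    """Read one newline-terminated negotiation line, bounded in length."""
    buf = b""
    while not buf.endswith(b"\n") and len(buf) < limit:
        byte = sock.recv(1)  # byte by byte, so no payload is consumed early
        if not byte:
            break
        buf += byte
    return buf

def parse_request(line):
    """Parse b'CONNECT host:port' into (host, port); ValueError if malformed."""
    verb, _, target = line.strip().partition(b" ")
    host, _, port = target.decode("ascii").rpartition(":")
    if verb != b"CONNECT" or not host or not port.isdigit():
        raise ValueError("malformed request")
    return host.lower(), int(port)

def relay(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    while chunk := src.recv(4096):
        dst.sendall(chunk)
    with contextlib.suppress(OSError):  # peer may already be gone
        dst.shutdown(socket.SHUT_WR)

def handle_client(client, dial=socket.create_connection, allowed=ALLOWED):
    """Serve one client; returns 'allowed', 'denied' or 'malformed'."""
    with client:
        try:
            dest = parse_request(read_line(client))
            verdict = "allowed" if dest in allowed else "denied"
        except ValueError:
            verdict = "malformed"
        if verdict != "allowed":  # refuse before any upstream connection exists
            client.sendall(verdict.encode() + b"\r\n")
            return verdict
        with dial(dest) as upstream:  # second connection: proxy -> destination
            client.sendall(b"ok\r\n")
            back = threading.Thread(target=relay, args=(upstream, client))
            back.start()
            relay(client, upstream)
            back.join()
    return verdict
```

The client never holds a socket to the destination; a refused or malformed request ends at the gateway without `dial` being called.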