Basically it's a set of application-specific proxies on your firewall. So rather than just making firewall decisions based on IP address or port etc, the firewall "understands" the application-layer protocol being used and knows what is normal behaviour during an HTTP or FTP or SMTP transaction and so will enforce the rules. This means it can detect and block some types of attack that a normal firewall would miss. Also, because it is a proxy, it sits between the sender and recipient, intercepting then passing on the requets and replies at an application level. This in itself adds security too. Many of the higher-end firewall products provide application proxy facilites you can turn on or off as required. The label "Application Inspection firewall" in essence just describes a firewall with those kind of facilities in it's arsenal
Hope that helps...
Re: WHAT is Application inspection ???
14 years 2 months ago #4500
TheBishop is right.. basically you have different filtering devices that work at different levels of the OSI model.. for example a router with ACL's is a simple packet filter operating at the network level.. a stateful inspection firewall which understands TCP will be a circuit level gateway and will control traffic at the transport layer.. then you have application proxies.. which will handle your mail / ftp / http etc and understand the protocol so you can filter based on criteria within that protocol right at the application level itself.