Application-level Gateway can handle traffic both transparently and non-transparently. In transparent mode, the clients address the destination servers directly, without being aware that the traffic is handled by Application-level Gateway. In nontransparent mode, the clients address Application-level Gateway, that is, the destination address of the client's connection is an IP address of the firewall host, and Application-level Gateway determines the address of the destination server.
There are two methods to determine the destination address in nontransparent mode:
Inband destination selection: Application-level Gateway can extract the destination address from the incoming traffic itself. This method is currently supported for HTTP and FTP connections. For example, see Section 6.5.6, Configuring nontransparent rules with inband destination selection.
Redirection: Application-level Gateway can redirect the traffic to a fix destination address.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu
