Most Application-level Gateway proxies can pass the information received as the payload of the incoming traffic to another proxy for further analysis. This kind of complex data analysis is possible by placing a proxy inside another one. This process is called stacking. Stacking is especially useful in filtering compound traffic, a traffic that consists of two (or more) protocols or that needs to be analyzed in two different ways.
Note |
---|
Every proxy can decrypt SSL and TLS encryption without having to use another proxy. For details on configuring Application-level Gateway to handle encrypted connections, see How to configure TLS proxying in PNS 2. |
Usually protocols consist of two parts:
control information, and
data.
Protocol proxies analyze and filter the control part and except for some cases they are unaware of the data part. At this point, further screening of the data might be needed, therefore proxies are able to stack in other proxies capable of filtering the data part, so the external (upper) proxy passes that data traffic to the internal (lower) proxy.
Example 6.8. Virus filtering and stacked proxies |
---|
Virus filtering is also part of the multiple analysis on traffic. It is typically performed in HTTP, POP3 and SMTP traffic, because these are the protocols, viruses generally use for spreading over the Internet (using Application-level Gateway though, it is possible to filter viruses in other protocols as well). When virus filtering is configured, a standard protocol proxy works in tandem with an antivirus engine and this way, both protocol-specific filtering and virus filtering are performed on the data if you stack the antivirus engine into some proxy. For details on configuring virus filtering in HTTP and HTTPS traffic, see How to configure virus filtering in HTTP. |
For each stacking scenarios there are a number of attributes that can be configured. For more information see the Proxedo Network Security Suite 2 Reference Guide.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu