Corporate Proxy Server - still relevant now?

We are currently putting all internal computers that connect through the internet through our Sophos UTM via proxy.  I have been told that this reduces connection speed and the use of this type of proxy is not relevant anymore. Is this the case and are there any alternatives?
We still want to block sites such as facebook etc.
Who is Participating?
jhyieslaConnect With a Mentor Commented:
If you have a proxy server and are routing thru that to the UTM, then yes, perhaps that does affect bandwidth.  If you are using the IP of the UTM as a proxy setting in IE, then probably not. Whether that proxy address is needed or not depends on why you set it up in the first place and the physical location of the UTM in the network.

For example, I have an iPrism device that does our web filtering.  It sits physically in-line between the switch and the firewall.  Since there is no other way out to the Internet other than going thru the firewall and since traffic headed there has to pass thru the switch first, it must also pass thru the iPrism device so I don't need to specify a proxy setting of any kind nor do I need a proxy server.

However, I also have PCs on partner networks that must come back to our network to access our resources. In those cases, I specify a proxy setting in IE, because if I didn't IE would not be able to access most of our resources.  The proxy setting in IE in these cases is the IP of the iPrism device.

If you are running a real proxy server for some other security or routing issue, you may still need that on your main LAN.
jhyieslaConnect With a Mentor Commented:
Forgot to say that if there are multiple ways to the Internet and you want to make sure that all of that traffic traverses the UTM, then you may very well need the proxy setting in IE to point to the proxy server or the UTM depending on your setup.
gsmartinManager of ITCommented:
Proxy servers and UTM firewalls are out dated.  The next generation firewalls such Palo Alto Networks Firewalls provides the ability to filter based on Content-ID, User-ID, and App-ID as well as protects against malware.  There is no longer a need to redirect traffic through multiple proxy filter points or layers of protection; you only need to go through one device for all filtering and protection needs.  In this Web 2.0/3.0 era you need an appliance that can filter traffic more granularly beyond just a site, but the sites individual applications/services.  For example: Facebook and other site provide chatting, file transferring, and other services.  So being able to allow access to a site for select purposes, but disabling the ability to chat, transfer files, remove malicious advertisements, etc... these days is very important.

So, I think the point that was being made that today you only need a single firewall appliance for filtering user internet access vs the use of a proxy server that impedes traffic and bandwidth.
scoops98Author Commented:
Thanks for all your prompt answers:) I have been looking at opendns umbrella as a potential solution. Will also research the products mentioned above.
Schuyler DorseyCommented:
Palo Alto firewalls are the way to go in my opinion. They certainly take the LEAST amount of performance hit when enabling IPS/AV/URL filtering.

Even the LOWEST end firewall still pushes 50mbps TCP/HTTP with everything enabled.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.