Corporate Proxy Server - still relevant now?

Posted on 2013-11-29
Last Modified: 2016-02-25
We are currently putting all internal computers that connect through the internet through our Sophos UTM via proxy.  I have been told that this reduces connection speed and the use of this type of proxy is not relevant anymore. Is this the case and are there any alternatives?
We still want to block sites such as facebook etc.
Question by:scoops98
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 28

Accepted Solution

jhyiesla earned 500 total points
ID: 39685234
If you have a proxy server and are routing thru that to the UTM, then yes, perhaps that does affect bandwidth.  If you are using the IP of the UTM as a proxy setting in IE, then probably not. Whether that proxy address is needed or not depends on why you set it up in the first place and the physical location of the UTM in the network.

For example, I have an iPrism device that does our web filtering.  It sits physically in-line between the switch and the firewall.  Since there is no other way out to the Internet other than going thru the firewall and since traffic headed there has to pass thru the switch first, it must also pass thru the iPrism device so I don't need to specify a proxy setting of any kind nor do I need a proxy server.

However, I also have PCs on partner networks that must come back to our network to access our resources. In those cases, I specify a proxy setting in IE, because if I didn't IE would not be able to access most of our resources.  The proxy setting in IE in these cases is the IP of the iPrism device.

If you are running a real proxy server for some other security or routing issue, you may still need that on your main LAN.
LVL 28

Assisted Solution

jhyiesla earned 500 total points
ID: 39685235
Forgot to say that if there are multiple ways to the Internet and you want to make sure that all of that traffic traverses the UTM, then you may very well need the proxy setting in IE to point to the proxy server or the UTM depending on your setup.

Expert Comment

ID: 39686948
Proxy servers and UTM firewalls are out dated.  The next generation firewalls such Palo Alto Networks Firewalls provides the ability to filter based on Content-ID, User-ID, and App-ID as well as protects against malware.  There is no longer a need to redirect traffic through multiple proxy filter points or layers of protection; you only need to go through one device for all filtering and protection needs.  In this Web 2.0/3.0 era you need an appliance that can filter traffic more granularly beyond just a site, but the sites individual applications/services.  For example: Facebook and other site provide chatting, file transferring, and other services.  So being able to allow access to a site for select purposes, but disabling the ability to chat, transfer files, remove malicious advertisements, etc... these days is very important.

So, I think the point that was being made that today you only need a single firewall appliance for filtering user internet access vs the use of a proxy server that impedes traffic and bandwidth.

Author Comment

ID: 39687347
Thanks for all your prompt answers:) I have been looking at opendns umbrella as a potential solution. Will also research the products mentioned above.
LVL 10

Expert Comment

by:Schuyler Dorsey
ID: 39995380
Palo Alto firewalls are the way to go in my opinion. They certainly take the LEAST amount of performance hit when enabling IPS/AV/URL filtering.

Even the LOWEST end firewall still pushes 50mbps TCP/HTTP with everything enabled.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA5510 Blocking a Wanted Website/Host 9 57
SMB Packet - File Data 4 75
Password recovery 2950 is Deleting configuration Why 8 62
Windows 10 ISO build version 3 94
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question