Corporate Proxy Server - still relevant now?

Posted on 2013-11-29
Last Modified: 2016-02-25
We are currently putting all internal computers that connect through the internet through our Sophos UTM via proxy. I have been told that this reduces connection speed and the use of this type of proxy is not relevant anymore. Is this the case and are there any alternatives?
We still want to block sites such as Facebook, etc.
Question by: scoops98

Accepted Solution

jhyiesla earned 500 total points
ID: 39685234
If you have a proxy server and are routing thru that to the UTM, then yes, perhaps that does affect bandwidth.  If you are using the IP of the UTM as a proxy setting in IE, then probably not. Whether that proxy address is needed or not depends on why you set it up in the first place and the physical location of the UTM in the network.

For example, I have an iPrism device that does our web filtering.  It sits physically in-line between the switch and the firewall.  Since there is no other way out to the Internet other than going thru the firewall and since traffic headed there has to pass thru the switch first, it must also pass thru the iPrism device so I don't need to specify a proxy setting of any kind nor do I need a proxy server.

However, I also have PCs on partner networks that must come back to our network to access our resources. In those cases, I specify a proxy setting in IE, because if I didn't IE would not be able to access most of our resources.  The proxy setting in IE in these cases is the IP of the iPrism device.

If you are running a real proxy server for some other security or routing issue, you may still need that on your main LAN.

Assisted Solution

jhyiesla earned 500 total points
ID: 39685235
Forgot to say that if there are multiple ways to the Internet and you want to make sure that all of that traffic traverses the UTM, then you may very well need the proxy setting in IE to point to the proxy server or the UTM depending on your setup.

Expert Comment

ID: 39686948
Proxy servers and UTM firewalls are outdated. The next-generation firewalls such as Palo Alto Networks firewalls provide the ability to filter based on Content-ID, User-ID, and App-ID, as well as protect against malware. There is no longer a need to redirect traffic through multiple proxy filter points or layers of protection; you only need to go through one device for all filtering and protection needs. In this Web 2.0/3.0 era you need an appliance that can filter traffic more granularly beyond just a site, but the site's individual applications/services. For example: Facebook and other sites provide chatting, file transferring, and other services. So being able to allow access to a site for select purposes, but disabling the ability to chat, transfer files, remove malicious advertisements, etc., these days is very important.

So, I think the point that was being made is that today you only need a single firewall appliance for filtering user internet access vs. the use of a proxy server that impedes traffic and bandwidth.

Author Comment

ID: 39687347
Thanks for all your prompt answers :) I have been looking at OpenDNS Umbrella as a potential solution. Will also research the products mentioned above.

Expert Comment

by: Schuyler Dorsey
ID: 39995380
Palo Alto firewalls are the way to go in my opinion. They certainly take the LEAST amount of performance hit when enabling IPS/AV/URL filtering.

Even the LOWEST end firewall still pushes 50mbps TCP/HTTP with everything enabled.
