Link to home
Start Free TrialLog in
Avatar of Anthony Lucia
Anthony Lucia

asked on

Proxy without scanning content

I have read some excellent posts and have learned a lot, but have to ask one last question on this subject

If I have a proxy within the DMZ, and I do not scan for content, check for viruses, etc, and I do nothing to the content or block access based upon content, I might as well use port forwarding

Is this correct
ASKER CERTIFIED SOLUTION
Avatar of Chris Dent
Chris Dent
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Rich Rumble
Rich Rumble
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of btan
btan
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Leon Fester
Leon Fester
Flag of South Africa image
If I have a proxy within the DMZ, and I do not scan for content, check for viruses, etc, and I do nothing to the content or block access based upon content, I might as well use port forwarding

Is this correct

As the other experts suggest, it's not such a straight forward answer/decision.

Using an internal proxy like you're using is pretty much just packet forwarding so yes, it is similar to port forwarding.

Port forwarding however does not offer the same services as a proxy server.

So while we may be answering your question correctly...we do worry that you may not be asking the right question. This is where the articles become a little meaningless.

Don't forget there are many different types of proxy servers
http://en.wikipedia.org/wiki/Proxy_server

Question: Is your proxy only servicing clients on your internal network or do you have users coming in from the WWW who also need to access your proxy?

By using port forwarding only, you could be exposing your servers which would have been obfuscated by the proxy server so the backend services would have limited exposure to the Internet.

The big question is: What is your objective here? What do you want to achieve?

Do you want to: Remove an "unnecessary" server or get an understanding of the concepts? Or other?