Never without my Proxy: the love story of Firewall and Proxy in the enterprise

Can a Firewall really be effective for web security without a stand-alone Proxy? At Olfeo, 100% of our customers have a Firewall. They recognize that their protection against new cyber threats is much better since Proxy and Firewall efficiently share detection actions, while remaining perfectly integrated and complementary. It's a true symbiosis, or even a Love Story, but why?

Olfeo invites you to browse through this guide dedicated to the link between the Proxy and the Firewall to better understand the differences, but also the advantages of these 2 security devices:

If, after reading this guide, you still have questions about Proxy and Firewall, and which solution is best for businesses to block online threats, contact one of our cybersecurity experts.

Proxy & Firewall: what are the fundamental differences?

While Firewall and Proxy are certainly the first 2 pillars of a cybersecurity strategy, they have 2 very different missions, and it's important to let each do the job it was designed to do.

The purpose of a firewall is to manage incoming and outgoing flows between the internal IT network and external networks, whether open (the web) or protected (VPN, for Virtual Private Network). Without a firewall, all servers and workstations on the local IT network would be directly "exposed" to external web flows. It's easy to see why firewalls are the 1st fundamental step in the pyramid of cybersecurity tools, since they stand between the Internet and the internal network, controlling all access and authorizing or denying access. No company would take the risk of not deploying a firewall, as this would be tantamount to directly exposing its IT resources to cyber-attacks.

The Proxy's complementary mission is to control, optimize and filter web flows. Originally designed to control and filter outgoing flows by managing advanced caching to optimize bandwidth, the Proxy quickly became indispensable for filtering users' web surfing by category and URL, to guarantee protection against advanced web threats and legal and cultural conformity of internet use within the company.

Why separate the Proxy filter from the Firewall?

Ensuring the security of an information system is like building a chain made up of different pieces of equipment, the strength of which depends on its weakest link.

In the past, CIOs might have been tempted, for reasons of cost, to group all flow control and filtering functions within the firewall, which sometimes included a filtering proxy option added to the UTM (Unified Threat Management), but this is no longer possible.

Indeed, the changing nature of web flows (HTTPS) and the ever-increasing sophistication of cyber-attacks (polymorphic malware codes) reinforce the importance of filtering and therefore of Proxy. This now justifies the need for a stand-alone Proxy to be set up separately, but in dialogue with the Firewall, if we really want to create a trusted environment on the web for corporate users:

In fact, the standalone Proxy offers a much higher quality content filtering solution: it incorporates many more functions, as shown in the examples in the diagram, as well as a greater wealth of categories and URLs in its database.

Analysis of HTTPS encrypted flows is the responsibility of the Proxy, to preserve Firewall reliability.

We now know that SSL decryption on a firewall can represent a performance loss of up to 74% (NSS Labs, John W. Pirc, Significant SSL performance loss leaves much room for improvement).

As HTTPS encrypted flows are constantly increasing, it's important to filter them with a standalone Proxy to avoid weakening the Firewall and your web security chain.

The consequence is that the firewall, when saturated, is no longer capable of analyzing all flows, and therefore lets some potentially dangerous ones through.

Proxies provide enhanced filtering and advanced functionality

Another advantage of using the Proxy is that the finer categories of its database can be used to display informative messages to users about their use of the Internet, in order to make them more aware of new cyber threats.

This equipment will enable whitelist operation, considered the "supreme" level of web security. This means allowing access only to content already recognized in the URL database of your web filtering editor. An extensive database is required for this, and a minimum of 96% recognition of websites visited by your users is recommended.

Authentication management by Proxy rather than Firewall

It is a legal requirement to have nominative logs of user use of the Internet. The stand-alone Proxy allows you to manage filtering policies by user or group of users, so it's preferable that user identification by the Proxy takes precedence over the Firewall.

All the more so as the traditional perimeter of the corporate network now extends to mobility, and users of smartphones or corporate mobile terminals need to benefit from the same authorizations and/or protection outside as inside the company. Only a stand-alone, web-exposed proxy can support this function and provide the expected analysis and reporting tools on Internet usage.

The impact of new cyber threats on Proxy and Firewall systems

A final example of where the filtering function of the standalone Proxy must be at the heart of a corporate security strategy: DDoS (Distributed Denial of Service) attacks, massive attacks by thousands of "zombie" machines designed to bring down the firewall and open a breach in the security of the computer network.

The Anonymous group's attacks on the websites of companies such as PayPal, Visa and MasterCard are still fresh in the minds of all CISOs (Information Systems Security Managers). A Proxy, in addition to a Firewall, provides greater redundancy in the protection of a company's information system.

So it's important today to relieve the firewall of all the tasks that don't fall within its remit, and to integrate a stand-alone Proxy if you want to create a trusted web environment in your company.

Integrating a stand-alone proxy with the firewall is a priority in terms of cybersecurity.

Firewalling, on the one hand, and web flow filtering by a standalone proxy, on the other, are today both a priority and a best practice in terms of cybersecurity.

Faced with the ingenuity of malware and the "galloping" sophistication of certain phishing e-mails, the specialization of an autonomous Proxy is a real asset, thanks to the quality of its URL database and the granularity available for filtering operations. And let's not forget the ability to perform anti-virus scans on flows, redundant to those performed on workstations by conventional anti-virus software.

Having a standalone Proxy in addition to the Firewall could cost less than having a single piece of equipment.

With the load on bandwidth increasing by 10-20% every year, it is often necessary to buy new firewall equipment as time goes by. With this in mind, it makes more sense to invest in a dedicated proxy from the outset, rather than making large regular investments.

You can't choose a Swiss army knife and expect the same level of efficiency as if you'd taken each of the tools it contains separately... We're back to the eternal debate of the generalist VS the expert: is it better to be a jack-of-all-trades or an expert in one field?

To illustrate the dilemma, will you choose a Swiss Army knife to equip your brand-new kitchen? Or would you prefer a set of complementary knives?

The same applies to UTMs. While they provide ease of operation, since everything is in the same place, they cannot be expected to have the same level of quality as dedicated equipment, particularly that of a stand-alone Proxy.

Integrating a dedicated proxy like Olfeo's with your firewall is easy

The integration of Olfeo's standalone Proxy with your Firewall is now totally reliable and secure, thanks to the use of standardized connectors with leading Firewall solutions.

Why choose Olfeo's dedicated proxy over an all-in-one UTM?

Are you still hesitating between purchasing an all-in-one UTM or a dedicated Proxy? For your company, it's imperative that you choose a solution whose security performance won't let you down. That's why you should opt for a Proxy rather than an all-in-one UTM.

An additional security brick for enhanced filtering performance

If our customers have chosen Proxy, it's because they feel more confident with an additional layer of security that focuses on filtering requests and, more generally, web traffic and content.

In fact, although the Firewall is an essential building block, security will be much more effective if you add a second one, namely the Proxy.

High-performance filtering ensures not only optimal Internet browsing, but also efficient use of applications for employees, even when they're not on site. Indeed, in an increasingly decentralized working environment, the use of Proxies is even more appropriate for blocking malicious requests and content: while VPNs can be complex for employees to set up, and can be the source of slowness or malfunctions, this is not the case with a dedicated Proxy like the one developed by Olfeo.

A local database for more efficient filtering

Another problem with an all-in-one UTM is the quality of the URL database. This is often generic, which is not the case with the Olfeo database, for example, which is local and French. The level of filtering is therefore not as fine with a UTM as with a local proxy server.

If you want to invest in truly effective protection for your company, it's best to choose a Proxy solution.

What are the features of the Proxy developed by Olfeo?

Thinking of investing in Olfeo's Proxy Filter? We'd like to tell you more about its advantages over other solutions on the market, so that you can better understand how its performance is adapted to your company's requirements.

A qualitative database

Olfeo provides advanced web traffic filtering. Impossible to bypass, our filtering proxy is renowned for blocking anything that shouldn't end up on your employees' devices: in addition to increased security and the assurance of good legal protection, Olfeo also boosts your employees' productivity.

To achieve this, the filtering proxy server developed by Olfeo uses a high-quality database. The database is based on 9 themes and 100 categories, enabling very fine filtering. This filtering can also be customized according to the employee's profile: the parameters of our solution enable privileges to be given to certain categories of user, always in compliance with current regulations.

A granular filtering policy

With Olfeo, your company's filtering policy can be tailored to the specific needs of your business or industry. Our numerous parameters can be used to adapt the filtering policy according to time slots, volume quotas or overflow capacity.

Trust-centric technology

Thanks to its trust-centric technology, Olfeo authorizes trusted URLs rather than trying to block malicious ones. This ensures the highest level of web security.

Powerful employee authentication

Our proxy is based on employee authentication via Active Directory or ADFS. As a result, only authenticated users can submit requests and receive the requested content: our filter will block those who are not recognized, providing an additional guarantee of security.

An analysis and reporting module to further enhance system security

For the professionals in charge of securing your network, having access to an analysis and reporting module can make all the difference.

Among the many advantages of our Proxy Server, this one is particularly interesting: it's indispensable for gaining a better understanding of the web usage of your company's employees. Once the data has been collected, it's easier to analyze it to identify risks and attacks.

I want to know more about the Olfeo proxy server

Intrigued by the benefits of Olfeo Proxy Server? Are you considering installing our solution as an additional security brick in your information system? If you'd like to find out more about our system, our cybersecurity experts are at your disposal.

Who is the Olfeo Proxy server designed for?

First and foremost, you may be wondering whether the Proxy developed by Olfeo is suitable for your industry. Although our filtering tool can be installed in any company, you should know that it meets the high security requirements of:

What do these establishments have in common? They are highly vulnerable to cyber-attacks, and therefore have a high need for security.

Respecting data confidentiality is also at the heart of these establishments' concerns. In addition to blocking threats and ensuring optimal online protection, our filtering device complies with current regulations in France, particularly concerning the GDPR. With Olfeo, users' data confidentiality is therefore guaranteed.

What's more, our Proxy filter can be installed on any information system, including those running Windows and Mac. So if your employees are using a device (computer, tablet or smartphone) with iOS, our Proxy filter will be able to secure its use with all the performance expected of it.

Request your free trial

The easiest way to find out if our Proxy filter is right for your business is to request a free trial. If you're looking for a high-performance solution for blocking online threats, you can contact our team to:

  • Request a demonstration
  • Request a free trial

In both cases, you can discover the many advantages of our web traffic filtering solution. Once you understand how our tool is able to block content that doesn't comply with your company's filtering policy, you'll be able to trust it to ensure the cybersecurity of your information system.

Contact an Olfeo consultant to identify your system's vulnerabilities

At present, your company is equipped with a good Firewall, but this hasn't prevented network users from facing inappropriate content or online attacks? To secure browsing, your company also needs a filtering Proxy server. Complementary to the Firewall, it acts as an intermediary between the user and the content found online or available on applications essential to employees' work.

Are you considering investing in Olfeo's Proxy Filter? The first step for our consultant will be to identify the weaknesses in your system, so as to recommend the solution best suited to your company's specific needs.

Don't hesitate to contact us now to review your company's filtering policy: together, we'll be able to improve it and ensure the browsing security of system users.

What is the link between proxy and firewall?

If there's one thing you need to remember from this guide to Proxy and Firewall, it's that these 2 solutions are complementary. If your objective is to maximize the security of your company's information system and network, you need to invest in these 2 security bricks. Becoming an Olfeo customer doesn't mean abandoning your Firewall, quite the contrary: with Proxy, it's all about guaranteeing good protection where the Firewall isn't performing optimally.

Contact your Olfeo consultant for more information about our Proxy filtering server and its benefits for securing network users' online browsing.

Of course, once you're an Olfeo customer, we'll help you define the parameters of your device: configuring your Proxy according to your company's specific needs is essential. It's a preventive measure of the utmost importance. We can also provide your staff with an e-learning platform to raise awareness of cybersecurity best practices.