Proxy Servers vs Firewalls and how they work together

Firewalls vs Proxies

At the most basic technical level, firewalls and proxy servers are very different things. Although they are often viewed in the same way, it is important to understand the differences between the two services and how each should be used correctly.

Firewalls

Firewalls filter raw IP traffic at the most basic level. They are capable of more complex filtering, but for the most part a firewall is placed at the edge of a network and contains a rule set that allows or filters connections based on criteria which normally include source address, destination address and port. Modern firewalls are capable of deeper packet inspection, but only large enterprise networks will make good use of these functions. Firewalls are also capable of load balancing and aggregating raw connections, unlike proxy servers, which have limited capabilities for link aggregation.

Proxy Server

A proxy server, on the other hand, usually sits inside the network and, as the name implies, proxies connections to outside networks, most commonly the Internet. Although it does provide a layer of security, security cannot be considered its primary function. Proxy servers are also able to cache content by storing local copies of commonly accessed files, from web servers for example, which reduces bandwidth usage while improving loading speeds.


Firewall And Proxy Design Example

The Diagram shows a nice example which is applicable for designs accessing Internet content or internal DMZ servers

Example of Firewall & Proxy Interaction

A real-world example would be along the following lines: a proxy server is set up for HTTP and HTTPS, and most likely FTP. Client machines connect to the proxy when attempting to access any of these services. The proxy server then routes the traffic via the firewall, which has a rule allowing the corresponding ports for outbound traffic. The proxy delivers the content to the user/browser.
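The design above only holds if the firewall's outbound rule matches the proxy alone and not the whole LAN. The following audit is an added example, not part of the original article: it evaluates a simplified first-match rule set and lists every client that could reach FTP, HTTP or HTTPS without going through the proxy. The `Rule` format, the addresses (LAN 10.0.0.0/29, proxy 10.0.0.2) and both rule sets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

WEB_PORTS = frozenset({21, 80, 443})  # FTP, HTTP, HTTPS: the proxied services

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified firewall rule
    action: str             # "allow" or "deny"
    src: str                # source network in CIDR form
    ports: frozenset        # destination TCP ports; empty means any port

def decide(rules, src_ip, dport, default="deny"):
    """First-match evaluation with a default-deny policy."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        in_net = addr in ipaddress.ip_network(r.src)
        if in_net and (not r.ports or dport in r.ports):
            return r.action
    return default

def bypass_findings(rules, proxy_ip, lan_cidr):
    """Return (client, port) pairs allowed outbound without using the proxy."""
    findings = []
    for host in ipaddress.ip_network(lan_cidr).hosts():
        if str(host) == proxy_ip:
            continue        # the proxy itself is expected to be allowed
        for port in sorted(WEB_PORTS):
            if decide(rules, str(host), port) == "allow":
                findings.append((str(host), port))
    return findings

# Constructed sample data (not from the article).
LAN, PROXY = "10.0.0.0/29", "10.0.0.2"
WEAK = [Rule("allow", LAN, WEB_PORTS)]                  # whole LAN may go out
HARDENED = [Rule("allow", PROXY + "/32", WEB_PORTS)]    # only the proxy may

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        found = bypass_findings(rules, PROXY, LAN)
        print(f"{name}: {len(found)} direct client paths", found[:3])
```
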

Advantages

  • The client computers are not able to connect to the actual firewall or to servers outside the firewall on the Internet, greatly increasing your security
  • Logging on a proxy server is easy, and the default logs are normally powerful enough to obtain meaningful information about your users' browsing habits
  • You are able to reduce your bandwidth costs while improving your users' browsing experience

Important Points

  • It is common practice to share a server for the firewall and proxy; this, to a degree, hurts the security benefits. In fact, firewalls should never host other services. Transparent proxy servers are a slight exception, although best practice would be to have a "double" firewall to resolve the security risk
  • Although I have spoken about common web browsing protocols, proxy servers are able to proxy virtually any protocol
  • Proxy servers are also capable of handling incoming connections, not only outbound connections; this is commonly used for high-demand web server and database clusters (note: inbound/outbound from the local LAN or edge perspective)
  • Proxy servers are also used to proxy internal network infrastructure; some examples include database calls to middleware services such as SMS gateways
