Application Gateway Vs Circuit level Gateway | Difference between Application Gateway and Circuit level Gateway
This page compares Application Gateway vs Circuit level Gateway and describes the difference between Application Gateway and Circuit level Gateway, along with packet filters.
• The host that runs the proxy service is known as the Application Gateway. It is needed because packet filtering routers do not allow TELNET and FTP connections. Packet filtering routers and the application gateway are used together to provide a high level of security as well as
• A user who needs to connect to an in-bound site must first connect to the application gateway and then to the destination host.
• There are many benefits of using an application gateway, such as information hiding, robust authentication and logging, cost effectiveness and less complex filtering rules.
• The disadvantage of an application gateway is that TELNET connectivity requires two steps to connect, either inbound or outbound. Moreover, the user needs to connect to the firewall rather than connecting to the host directly.
• Examples: TELNET, FTP, E-mail
Circuit level Gateway
• It relays TCP connections.
• No processing or filtering of protocol is done by circuit level gateway.
• Example#1: An NNTP server and an NNTP client both connect to the firewall, and later they can communicate directly, bypassing the firewall. This means the firewall simply passes bytes between the end systems.
• Example#2: Once the connection is established using the application gateway, the firewall simply passes bytes between the hosts. This is another example of a circuit level gateway.
The following table lists the differences between Application Gateway, Circuit Level Gateway and Packet filters.
| Packet filters | Application Gateway | Circuit level Gateway |
|---|---|---|
| Simple and least secure | Most secure approach | More secure than packet filter but not as secure as application gateway. |
| Many routers provide this functionality | Unique program for each application | Relay TCP connections |
| Passes or rejects packets based on rules | Good for authentication and logging | Permission granted by port address |
| Hard to manage | Not always transparent to users | No application level checking |
| Easy to make mistakes | Used for email, FTP, TELNET, WWW | Can understand what is carried in the packet. |
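
The contrast between "permission granted by port address" and a protocol-aware proxy with logging can be seen by pushing the same session through both kinds of relay. This is an added example, not code from the original page: the port and command policies, the function names and the sample FTP session are constructed assumptions, and in-memory socket pairs stand in for the two TCP connections.

```python
import socket

ALLOWED_PORTS = {21}                                     # assumed policy: FTP control port only
ALLOWED_FTP_COMMANDS = {"USER", "PASS", "RETR", "QUIT"}  # assumed policy

def circuit_level_relay(client, server, dst_port):
    """Permit by port, then copy bytes unchanged; the payload is never parsed."""
    if dst_port not in ALLOWED_PORTS:
        return 0
    relayed = 0
    while chunk := client.recv(4096):
        server.sendall(chunk)
        relayed += len(chunk)
    return relayed

def application_gateway_relay(client, server, dst_port, log):
    """FTP-aware proxy: parse each command, log its verb, forward only allowed verbs."""
    if dst_port not in ALLOWED_PORTS:
        return 0
    forwarded = 0
    with client.makefile("rb") as lines:
        for raw in lines:
            verb = raw.split(b" ", 1)[0].strip().decode("ascii", "replace").upper()
            allowed = verb in ALLOWED_FTP_COMMANDS
            log.append((verb, "forwarded" if allowed else "blocked"))
            if allowed:
                server.sendall(raw)
                forwarded += 1
    return forwarded

def run_session(relay, payload, dst_port=21, **kwargs):
    """Push a client session through a relay; return (relay result, bytes the server saw)."""
    client, gw_in = socket.socketpair()
    gw_out, server = socket.socketpair()
    client.sendall(payload)
    client.shutdown(socket.SHUT_WR)          # end of client data
    result = relay(gw_in, gw_out, dst_port, **kwargs)
    gw_out.shutdown(socket.SHUT_WR)
    received = b"".join(iter(lambda: server.recv(4096), b""))
    for s in (client, gw_in, gw_out, server):
        s.close()
    return result, received

# Constructed sample session: DELE is outside the assumed command policy.
SESSION = b"USER alice\r\nPASS secret\r\nDELE report.txt\r\nQUIT\r\n"
if __name__ == "__main__":
    audit = []
    print(run_session(circuit_level_relay, SESSION))
    print(run_session(application_gateway_relay, SESSION, log=audit), audit)
```

The circuit-level relay delivers every byte once the port is permitted, while the application gateway drops the `DELE` line and leaves an audit entry for each command.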