A type of firewall that provides application-level control over network traffic. Application gateways can be used to deny untrusted users on the Internet access to the resources of private networks.
Application gateways examine incoming packets at the application level and use proxies to create secure sessions with remote users. For example, when an external user with a Web browser tries to access the company’s internal web server, the application gateway runs a proxy application that simulates the internal web server.
A session is established between the remote user and the proxy application, while a separate, independent session is established between the proxy application and the internal web server. The remote user makes a request to the proxy, the proxy acts as a go-between and obtains the information from the internal web server, and then the proxy returns the result to the remote user.
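The two-session arrangement described above, as an added sketch that is not part of the original entry: a loopback "internal" web server and a small proxy in front of it. The class names, `ALLOWED_PATHS` policy and `X-Client-Marker` header are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

ALLOWED_PATHS = {"/", "/status"}  # constructed gateway policy

class Handler(BaseHTTPRequestHandler):
    def reply(self, status, body):
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

class Internal(Handler):  # stands in for the internal web server
    def do_GET(self):
        # Echo the header names that actually arrived on session 2.
        self.reply(200, ",".join(sorted(self.headers.keys())).encode())

class Gateway(Handler):
    """Proxy application: ends session 1 here, opens an independent session 2."""
    backend = None  # (host, port) of the internal server, set by demo()
    def do_GET(self):
        if self.path not in ALLOWED_PATHS:  # application-level decision, not IP/port
            return self.reply(403, b"blocked by gateway policy")
        conn = http.client.HTTPConnection(*self.backend, timeout=5)  # session 2
        conn.request("GET", self.path)  # rebuilt request, client headers dropped
        resp = conn.getresponse()
        self.reply(resp.status, resp.read())

def fetch(port, path):
    """Remote user: session 1 ends at the gateway. Returns (status, body)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"X-Client-Marker": "constructed"})
    resp = conn.getresponse()
    return resp.status, resp.read().decode()

def demo():
    internal = ThreadingHTTPServer(("127.0.0.1", 0), Internal)
    Gateway.backend = internal.server_address
    gateway = ThreadingHTTPServer(("127.0.0.1", 0), Gateway)
    for srv in (internal, gateway):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        port = gateway.server_address[1]
        return fetch(port, "/status"), fetch(port, "/admin")
    finally:
        gateway.shutdown()
        internal.shutdown()
```

The internal server only ever sees the request the proxy generated, so the client's own header never reaches it, and the disallowed path is refused without any connection to the internal server being opened.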
The advantage of using application gateways over packet-filtering routers is that in packet filtering, a direct network connection still exists between the remote user and the internal network resource, while an application gateway prevents the remote user from directly accessing the internal network resource.
This additional layer of security comes at some cost: application gateways are generally slower and require a separate proxy application for each internal network service you want to make available through the firewall.