Firewall Technologies and the Cisco Security Appliance
Figure 2-2 Proxy Firewall
Large networks usually implement several proxy servers to avoid problems with throughput.
The number of applications that a requesting host can access via a proxy is limited. This can
be a key disadvantage when using a proxy server, because protocol traffic that the proxy
server does not support passes through the proxy server untouched. By design, proxy
firewalls support only specific applications and protocols. Another major disadvantage of
proxy servers is that they are applications that run on top of operating systems. A device
can be only as secure as the operating system it is running on. If the operating system is
compromised, the unauthorized user may be able to take control of the proxy firewall and
gain access to the entire protected network.