Technical Tip: Explicit proxy vs Transparent proxy vs. NGFW proxy-mode
Proxy = by definition, is the authority to represent someone else.
This definition is very close to the operation of Explicit Proxy or Transparent Proxy.
In this context, the FortiGate will forward the traffic on behalf of someone else (in the networking context that means IP and MAC address).
What is the difference between proxy and NAT? one may ask. The main difference is that NAT only changes the IP header (Layer 3/4) and no change or check is done in the content, or application level (Layer 7).
Explicit proxy vs Transparent Proxy.
Explicit proxy needs to be explicitly configured in the host browser / Internet options, or the configuration to be received in form of a .pac file (that for example, instructs the host to send specific traffic to a proxy, and other traffic to bypass the proxy).
The transparent proxy operates almost like explicit proxy but it is not visible to the host (no host-config needed), and is designed to proxy all the traffic that is received.
Both of these modes are resource-demanding, because the traffic needs to be decrypted, altered, and re-encrypted, in order to properly change the content at the Application level. As opposed to regular NAT which only changes the packet headers to accommodate a change of networks: private to public, without altering the payload.
浙公网安备 33010602011771号