Network Sales and Services Handbook (Cisco Press Networking Technology)

A proxy server is a function often combined with a firewall. The proxy server is used to access web pages by other computers on the network, as illustrated in Figure 15-1.

When a user requests a web page, it is retrieved by the proxy server and then sent to the requesting computer. The result of this action is that the remote computer hosting the web page never comes into direct contact with anything on the home network other than the proxy server.

Proxy servers also can make Internet access more efficient for an organization. If a user accesses a web page, it is cached (stored) on the proxy server, meaning that the next time that same page is requested, it does not have to load again from the web site; instead the page loads from the proxy server.

There are times that remote users will require access to resources on a network. Here are some examples of such access:

• Organization Intranet site

• Online business

• FTP download and upload area

In cases like this, a demilitarized zone (DMZ) should be created. The DMZ is a part of the network that is outside the firewall, similar to the front yard of a house. It belongs to the network (in this case, the house) and some things can be left there (in the yard), but it is not advisable to leave anything valuable in this part. A common DMZ implementation is illustrated in Figure 15-2.

• The Internet access router on the public side of the DMZ provides the first line of defense for the private network.

• The DMZ hosts public access servers, such as an e-commerce store or corporate Web site.

• The firewall and router protect the private network from public users. In order for a user to gain access to a resource on the private network, the user must first be granted access through the firewall.