My OpenLearn Profile

Personalise your OpenLearn profile, save your favourite content and get recognition for your learning

Create account / Sign in

Course content Course content

Network security

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

More free courses

9.6 Circuit level gateways

A circuit level gateway operates at the transport layer of the OSI or internet reference models and, as the name implies, implements circuit level filtering rather than packet level filtering. It checks the validity of connections (i.e. circuits) at the transport layer (typically TCP connections) against a table of allowed connections, before a session can be opened and data exchanged. The rules defining a valid session prescribe, for example, the destination and source addresses and ports, the time of day, the protocol being used, the user and the password. Once a session is allowed, no further checks, for example at the level of individual packets, are performed.

A circuit level gateway acts as a proxy and has the same advantage as an application level gateway in hiding the internal host from the serving host, but it incurs less processing than an application level gateway.

Disadvantages of circuit level gateways include the absence of content filtering and the requirement for software modifications relating to the transport function.

Circuit level gateways can be implemented within application level gateways or as stand-alone systems. Implementation within an application level gateway allows screening to be asymmetric, with a circuit level gateway in one direction and an application level gateway in the other.

SAQ 15

What advantages could arise from the asymmetry of the arrangement just described?

Answer

Firewall asymmetry could complement the different levels of risk relating to incoming and outgoing traffic on the protected network. For example, user-friendly outgoing services could be maintained to hosts behind the firewall by allowing circuit level functionality on outbound traffic. This is appropriate where internal users’ requests are relatively trustworthy. By contrast, inbound traffic could be subjected to the full scrutiny of application level content. Application level examination of traffic involves a considerable processing overhead, but this would be performed on incoming traffic only.

Previous 9.5 Application level gateways

Next 9.7 Examples of firewall implementation

Take your learning further

Making the decision to study can be a big step, which is why you’ll want a trusted University. We’ve pioneered distance learning for over 50 years, bringing university to you wherever you are so you can fit study around your life. Take a look at all Open University courses.

If you’re new to university-level study, read our guide on Where to take your learning next, or find out more about the types of qualifications we offer including entry level Access modules, Certificates, and Short Courses.

Want to achieve your ambition? Study with us and you’ll be joining over 2 million students who’ve achieved their career and personal goals with The Open University.

Browse all Open University courses

My OpenLearn Profile

About this free course

Become an OU student

Download this course

Share this free course

9.6 Circuit level gateways

SAQ 15

Answer