Which firewall sits between internal and external connections and can make connections on behalf of endpoints (circuit-level at Layer 5, application-level at Layer 7)?

• A. Firewall
• B. Proxy Firewall
• C. NAT
• D. IDS

Answer: (B)

A proxy firewall is the one that sits between internal and external networks and acts as an intermediary for connections. It can establish connections on behalf of internal endpoints, so external systems talk to the proxy rather than directly to internal hosts. This proxying can happen at circuit level (Layer 5), where a session is created and managed between client and server, or at application level (Layer 7), where the proxy understands and can inspect the actual application protocols (like HTTP or FTP) and enforce policies based on content. This combination allows the firewall to control, log, and filter traffic more granularly while shielding internal hosts.

A generic firewall simply filters traffic based on rules at the network/transport layers and doesn’t typically act as a middleman for each connection. NAT focuses on translating private addresses to public ones (and vice versa) and doesn’t provide the intermediary, protocol-aware proxying. An IDS monitors and analyzes traffic for signs of threats but doesn’t mediate and manage connections between internal and external systems.