A complete firewall system usually consists of a screening router and a proxy server. The screening router is a multi-port IP router that checks each arriving IP packet against a set of rules to decide whether to forward it. It filters IP packets using information taken from the headers, such as the protocol number, the IP addresses and port numbers of the message, connection flags, and other IP options.

The proxy server is a server process in the firewall that performs a specific TCP/IP function on behalf of the network user. A proxy server is essentially an application-layer gateway: a gateway between two networks for a particular network application. The user runs a TCP/IP application, such as Telnet or FTP, which talks to the proxy server, and the proxy server asks the user for the name of the remote host to be accessed. Once the user replies and provides correct user identity and authentication information, the proxy server connects to the remote host and acts as the relay point for the communication. The whole process can be fully transparent to the user. The identity and authentication information the user provides can be used for user-level authentication. In the simplest case it consists only of a user identity and a password. However, if the firewall is accessible through the Internet, users should be advised to use stronger authentication mechanisms such as one-time passwords or challenge-response systems.
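
The forwarding decision of the packet-filtering router described above can be sketched as follows. This is an added example, not code from the original page: the rule set, the documentation-range addresses, the choice to refuse packets carrying IP options, and the names `RULES`, `parse_headers`, `decide` and `tcp_packet` are all assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed rule set (an assumption, not from the page): first match wins, default deny.
# (action, protocol number, source net, destination net, destination port, ACK required)
RULES = [
    ("permit", 6, "0.0.0.0/0", "192.0.2.10/32", 25, False),   # inbound SMTP to one host
    ("permit", 6, "0.0.0.0/0", "192.0.2.0/24", None, True),   # only replies (ACK set) inbound
    ("permit", 6, "192.0.2.0/24", "0.0.0.0/0", None, False),  # outbound TCP from inside
]

def parse_headers(packet):
    """Extract the header fields the filter inspects; raise ValueError if malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length; more than 20 means IP options
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    h = {"proto": packet[9], "options": ihl > 20, "dport": None, "flags": 0,
         "src": ipaddress.ip_address(packet[12:16]), "dst": ipaddress.ip_address(packet[16:20])}
    if h["proto"] == 6:                       # TCP: destination port and connection flags
        if len(packet) < ihl + 20:
            raise ValueError("truncated TCP header")
        h["dport"] = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        h["flags"] = packet[ihl + 13]         # SYN = 0x02, ACK = 0x10
    return h

def decide(packet):
    """Return 'forward' or 'drop' for one arriving packet."""
    try:
        h = parse_headers(packet)
    except ValueError:
        return "drop"
    if h["options"]:                          # policy choice here: refuse any IP options
        return "drop"
    for action, proto, src, dst, dport, need_ack in RULES:
        if (h["proto"] == proto and h["src"] in ipaddress.ip_network(src)
                and h["dst"] in ipaddress.ip_network(dst)
                and (dport is None or h["dport"] == dport)
                and (not need_ack or h["flags"] & 0x10)):
            return "forward" if action == "permit" else "drop"
    return "drop"                             # nothing matched: default deny

def tcp_packet(src, dst, dport, flags, ip_options=b""):
    """Build a constructed IPv4+TCP packet (checksums left zero) as sample input."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + ip_options + tcp
```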