When auditing a proxy-based firewall, an IS auditor should:
verify that the firewall is not dropping any forwarded packets.
review Address Resolution Protocol (ARP) tables for appropriate mapping between media access
control (MAC) and IP addresses.
verify that the filters applied to services such as HTTP are effective.
test whether routing information is forwarded by the firewall.
A proxy-based firewall works as an intermediary (proxy) between the service or application and the
client, it makes a connection with the client and opens a different connection with the server and,
based on specific filters and rules, analyzes all the traffic between the two connections. Unlike a
packet-filtering gateway, a proxy-based firewall does not forward any packets. Mapping between
media access control (MAC) and IP addresses is a task for protocols such as Address Resolution
Protocol/Reverse Address Resolution Protocol (ARP/RARP).