Firewalls are only human
A firewall separates networks, enables control over the data streams allowed between these networks and reports on attacks on the networks and on the firewall itself. The most important part of a firewall, however, is an administrator who is able to read and interpret the firewall's records.
Basic IT protection distinguishes between two types of network that need protection. Usually, firewalls are placed between company networks and the Internet, but they are also used within companies, e.g. to separate production and administration networks.
A SerNet firewall on a dedicated line always consists of a 2-level packet filter and a proxy server that checks data on the application level (HTML, FTP, e-mail) for viruses, Trojans, spam, unwanted attachments, etc.

How a 3-level firewall works
The external PORTAL firewall is where the system connects to the outside. At SerNet it is usually designed as a firewall on CD: it is booted from a CD-ROM and can be modified only by changing the CD. Configuration details are loaded from a flash drive during boot using a secure process.
Under certain circumstances two external lines are connected to PORTAL: an ADSL line with high incoming bandwidth and small outgoing bandwidth for Web research via HTTP and for FTP downloads, and an SDSL line with symmetric incoming and outgoing bandwidth for the secure connection of external locations, laptops of field workers or maintenance PCs via the Internet.
The internal GATE firewall seals off the intranet (LAN) from the security infrastructure. Between GATE and PORTAL there are systems that are in contact with the Internet (e-mail, Web, VPN), while the LAN systems (behind GATE) do not have direct access to the Internet but only indirect access via the proxy:
If a PC in the LAN wants to obtain information from the Internet, this is done via the PROXY. This system takes requests from the internal PCs, sends them to the Internet on behalf of the PC and then returns the answers from the Internet to the LAN. During this process, content is checked on the proxy: e-mails are checked for viruses, spam and other unwelcome content, and Web pages are checked for harmful or unwelcome script content, viruses and worms. On the PROXY all user activities can be checked or tracked. Therefore, data protection standards must be observed.
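The following is an added example, not SerNet code: a small review of firewall records that flags every record in which a LAN host and an Internet host talk to each other directly instead of through the systems between GATE and PORTAL. The address ranges, the record format, the port numbers and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing, not from the page: LAN behind GATE, and the segment
# between GATE and PORTAL that holds the PROXY, mail, Web and VPN systems.
LAN = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("192.168.100.0/24")

# Constructed records: "<firewall> <action> <src> <dst> <proto>/<port>"
SAMPLE_LOG = """\
GATE ACCEPT 10.0.0.21 192.168.100.10 tcp/3128
GATE DROP 10.0.0.37 203.0.113.5 tcp/443
GATE ACCEPT 10.0.0.44 198.51.100.9 tcp/25
PORTAL ACCEPT 192.168.100.10 203.0.113.5 tcp/443
PORTAL DROP 198.51.100.77 10.0.0.21 tcp/445
"""

def zone(addr):
    """Map an address to the zone it belongs to in the assumed layout."""
    ip = ipaddress.ip_address(addr)
    if ip in LAN:
        return "LAN"
    if ip in DMZ:
        return "DMZ"
    return "INTERNET"

def review(log_text):
    """Return (line_no, verdict, src, dst, service) for every record in which
    a LAN host and an Internet host talk to each other directly."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed records
        _fw, action, src, dst, service = fields
        try:
            zones = {zone(src), zone(dst)}
        except ValueError:
            continue  # skip records whose addresses do not parse
        if zones == {"LAN", "INTERNET"}:
            # ACCEPT means the ruleset has a gap; DROP means the firewall
            # held, but the source host still deserves a follow-up.
            verdict = "rule-gap" if action == "ACCEPT" else "blocked"
            findings.append((line_no, verdict, src, dst, service))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

Traffic from the LAN to the proxy and from the proxy to the Internet passes without a finding, since that is the indirect path the design intends.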



