Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, June 9, 2008

Why Terminate?

I recently read a very rudimentary discussion of the difference between a firewall or router and a proxy. The author's very quick and dirty description to explain the difference? Routers and firewalls pass traffic and connections (assuming the policies allow it), while proxies terminate traffic and connections. While this is a simplistic view, it does beg the question, why terminate?

The quick answer? Inspection and security. By terminating the connection, you get to inspect the content of everything going through the box. There's no worry about any hidden content being tunneled through the connection. Proxies have to terminate a connection and rebuild the connection to the final destination.
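
The terminate-and-rebuild flow described above, as an added example that is not from the original post: a toy HTTP proxy on localhost that reads the whole client request, applies a policy check, and only then opens its own second connection to the origin. The suffix policy, the `demo-proxy` name in the `Via` header, the `origin.example` host and all function names are assumptions made for illustration.

```python
import socket
import threading

BLOCKED_SUFFIXES = (b".exe", b".scr")  # constructed sample policy, not from the post

def read_request(sock):
    data = b""
    while b"\r\n\r\n" not in data and (chunk := sock.recv(4096)):
        data += chunk
    return data

def inspect(request):
    """Policy decision on the complete request; malformed input fails closed."""
    parts = request.split(b" ", 2)  # method, target, rest
    return len(parts) == 3 and not parts[1].lower().endswith(BLOCKED_SUFFIXES)

def proxy_once(listener, origin_addr):
    """Terminate one client connection; if allowed, build a second one to the origin."""
    client, _ = listener.accept()
    with client:
        request = read_request(client)
        if not inspect(request):
            client.sendall(b"HTTP/1.0 403 Forbidden\r\n\r\nblocked by proxy policy")
            return  # the origin is never contacted
        rebuilt = request.replace(b"\r\n\r\n", b"\r\nVia: 1.0 demo-proxy\r\n\r\n", 1)
        with socket.create_connection(origin_addr) as upstream:
            upstream.sendall(rebuilt)
            while chunk := upstream.recv(4096):
                client.sendall(chunk)

def fetch(proxy_addr, path):
    """Client side: its TCP connection ends at the proxy, not at the origin."""
    with socket.create_connection(proxy_addr) as s:
        s.sendall(b"GET " + path.encode() + b" HTTP/1.0\r\nHost: origin.example\r\n\r\n")
        return b"".join(iter(lambda: s.recv(4096), b""))

def demo():
    origin = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    seen = []  # requests that actually reached the origin
    def origin_once():
        conn, _ = origin.accept()
        with conn:
            seen.append(read_request(conn))
            conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello from origin")
    threading.Thread(target=origin_once, daemon=True).start()
    for _ in range(2):
        threading.Thread(target=proxy_once, args=(proxy, origin.getsockname()), daemon=True).start()
    return fetch(proxy.getsockname(), "/index.html"), fetch(proxy.getsockname(), "/setup.exe"), seen
```

Calling `demo()` returns the allowed response, the blocked response, and the list of requests the origin received; the `Via` header in that list was written by the proxy on its own connection, since the client never sent it.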

At the same time, proxies are smart enough to know which protocols can't be terminated, and allow certain applications to be bypassed, such as VoIP, which would not be able to tolerate disruption.

Typical routers and firewalls either allow or block traffic. Most organizations allow HTTP (web) traffic through the firewall and router. End-users can go to the web, even to secure (HTTPS) sites, but without a proxy there's no visibility into what the user is doing: whether they are downloading malware, sending out confidential information (against corporate policy), or visiting sites that are not condoned by human resource regulations.

The proxy provides the visibility and control the IT administrator needs for today's applications.
