An Application-Level Firewall, commonly called an application-level gateway or proxy firewall, inspects traffic at the application layer and enforces rules based on specific application protocols and commands. In CEH-aligned coverage of perimeter defenses, this firewall type is distinguished by its ability to understand protocol behavior and content for services such as DNS and SSH, rather than relying only on IP addresses, ports, and basic connection state.

The question states the filtering system “analyzes incoming SSH and DNS requests to block unauthorized access attempts.” That wording points directly to application-aware inspection: it is evaluating protocol-specific requests, not merely allowing or denying traffic based on port numbers. A packet filtering firewall generally makes decisions using network and transport layer information such as source and destination IP, protocol, and port, without parsing DNS queries or SSH negotiation details. A circuit-level gateway firewall focuses on validating session establishment and connection properties, typically without deep inspection of the application commands inside the session. A stateful multilayer inspection firewall can track connection state and sometimes incorporate deeper inspection, but the strongest and most explicit match to “analyzes SSH and DNS requests” in CEH terminology is the application-level firewall, which uses proxies or protocol engines to parse and filter application traffic.

From an ethical testing perspective, attempts to “craft specific payloads” often involve probing how the firewall validates protocol fields, handles malformed requests, or enforces policy on application commands. Defenders mitigate these risks through strict proxy policy configuration, robust protocol validation, patching, logging, and limiting exposed services to only what is required.