In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints.
Whereas a firewall is designed to limit traffic to certain services, a guard aims to control the information exchange that the network communication is supporting at the business level.
The guard applications were designed to sanitise data being exported from a classified system to remove any sensitive information from it.
It was very simple separation kernel designed and constructed by T4 Division of the Royal Signals and Radar Establishment (RSRE) at Malvern, England.
[2][3] The Advanced Command and Control Architectural Testbed (ACCAT) guard was developed to export email from a classified system through a human review stage.
The SWIPSY firewall toolkit was developed by the Defence Evaluation and Research Agency to act as a general Guard platform.
Also, if the networking stack of the bastion host behaves incorrectly it may route traffic through the DMZ without passing through the proxies.