A Next-Generation Firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration.
Next-generation firewalls integrate three key assets: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control. Like the introduction of stateful inspection in first-generation firewalls, NGFWs bring additional context to the firewall’s decision-making process by giving it the ability to understand the details of the Web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.
Next-Generation Firewall vs. Traditional Firewall
NGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.
NGFWs perform deeper inspection than the stateful inspection performed by first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as attacks that exploit vulnerabilities and malware.
Advantages of using NGFWs
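The difference between a port-based decision and a payload-based one, as an added example that is not taken from any vendor's product: the rule sets, the signature marker and the sample traffic below are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    dport: int       # destination TCP port
    payload: bytes   # first bytes of the reassembled stream

ALLOWED_PORTS = {80, 443}                  # constructed header-only rule set
APP_POLICY = {("http", 80), ("tls", 443)}  # constructed application policy
SIGNATURES = {b"CONSTRUCTED-BAD-MARKER": "demo-signature"}  # stand-in IPS signature

def traditional_verdict(pkt):
    """Packet filter: decides on the port alone."""
    return "allow" if pkt.dport in ALLOWED_PORTS else "deny"

def identify_app(payload):
    """Classify by payload content, ignoring the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 0x03, handshake type 0x01 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.split(b" ", 1)[0] in {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}:
        return "http"
    return "unknown"

def ngfw_verdict(pkt):
    """Port check, then application policy, then signature match on the payload."""
    if traditional_verdict(pkt) == "deny":
        return "deny", "port not permitted"
    app = identify_app(pkt.payload)
    if (app, pkt.dport) not in APP_POLICY:
        return "deny", f"application {app} not permitted on port {pkt.dport}"
    for pattern, name in SIGNATURES.items():
        if pattern in pkt.payload:
            return "deny", f"signature match: {name}"
    return "allow", f"application {app}"

# Constructed sample traffic (not captured from a real network).
SAMPLES = {
    "tls_on_443": Packet(443, bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])),
    "ssh_on_443": Packet(443, b"SSH-2.0-ExampleServer\r\n"),
    "http_on_80": Packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "flagged_http": Packet(80, b"POST /upload HTTP/1.1\r\n\r\nCONSTRUCTED-BAD-MARKER"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:13} traditional={traditional_verdict(pkt):5} ngfw={ngfw_verdict(pkt)}")
```

The header-only filter allows all four samples because each uses a permitted port; the payload-aware verdict denies the SSH banner on port 443 and the request carrying the constructed signature marker.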
- Complete visibility and precise control
- Automated security
- Protection for your users and data everywhere
- Application awareness
- Streamlined infrastructure
- Threat protection
- Network speed
Features of NGFWs
- Application Awareness
- Stateful Inspection
- Integrated Intrusion Protection System (IPS)
- Identity Awareness (User and Group Control)
- Bridged and Routed Modes
- Ability to utilize external intelligence sources
Comparing Next Generation Firewalls
Many products in the information security marketplace are framed around the concept of an NGFW. To distinguish between them, a number of metrics need to be reviewed and compared, including:
- Does the NGFW solution provide protection against server application attacks and client application attacks? What is the percentage of time that it does not?
- Can the NGFW solution be evaded?
- Is the device stable and reliable?
- Does the NGFW solution enforce inbound and outbound application policies?
- Does the NGFW solution enforce inbound and outbound identity policies?
- What is the performance of the solution?
We at Sun Systems ensure that we answer all these questions and provide the best-in-class solution to our customers.