A next-generation firewall (NGFW) is third-generation firewall technology, implemented in hardware or software, that detects and blocks attacks by enforcing security policies at the application, port and protocol level.
An NGFW typically offers advanced functions including:
- Application awareness;
- Integrated intrusion prevention systems (IPS);
- Identity awareness, i.e. user- and group-based control;
- Bridge (transparent) and routed modes;
- The ability to consume external threat-intelligence sources.
Most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.
Just as stateful inspection added connection state to the packet-filtering decisions of traditional firewalls, NGFW brings additional context to the firewall decision-making process. It can understand in detail the application traffic passing through it and block traffic that attempts to exploit vulnerabilities.
Next-generation firewall features
NGFWs combine many capabilities, such as packet filtering, network address translation (NAT), port address translation (PAT), URL blocking and virtual private network (VPN) support, with quality of service (QoS) functionality and features not found in traditional firewalls, including intrusion prevention, SSL/TLS and SSH inspection, deep packet inspection, reputation-based malware detection and application awareness.
These application-level capabilities are intended to frustrate the increasing number of attacks that target Layers 4-7 of the OSI stack, where port- and protocol-based filtering alone cannot distinguish legitimate from malicious use.
Benefits of next-generation firewalls
The various NGFW features create distinct benefits for users. An NGFW can often block malware before it enters the network, something an ordinary firewall could not do.
NGFWs are also better equipped to face advanced persistent threats (APTs) because they can be integrated with threat-intelligence services. An NGFW can be a lower-cost option for companies seeking to improve basic security by consolidating inspection and protection services on a single device.
Next-generation vs. traditional firewall
NGFWs and traditional firewalls share the same goal, protecting the network and its data assets, but differ in several respects.
The main similarities include static packet filtering to block packets in network traffic. Both also provide packet inspection and network and port address translation, and both can manage VPN connections.
One fundamental difference is that an NGFW offers deep packet inspection that goes beyond simple port and protocol checks: it examines the data carried in network packets, whereas a traditional firewall looks only at packet headers.
Another major difference is that an NGFW adds application-level inspection, intrusion prevention and the ability to act on data provided by threat-intelligence services.
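The following Python is an added example, not code from the original article, that makes the port-versus-payload distinction above concrete. It puts a traditional port-based rule beside an NGFW-style decision that identifies the application from the first bytes of the flow (an SSH banner, an HTTP request line, or a TLS ClientHello whose server_name extension is parsed out), applies a user-group condition, and checks the TLS server name against a threat-intelligence list. The packets, the IP-to-group mapping and the threat feed are constructed sample data; a real NGFW would use signature libraries, an identity source such as a directory, and a live feed.

```python
"""Toy policy engine contrasting port-based filtering with NGFW-style
application identification, identity awareness and threat-intelligence
lookups.  Added example, not code from the original article; every packet,
user/group mapping and feed entry below is constructed sample data."""
import struct
from dataclasses import dataclass


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes          # first bytes the client sent on the flow


# Constructed stand-ins for an identity source and an external threat feed.
USER_GROUPS = {"10.0.0.5": "engineering"}
THREAT_FEED = {"evil.example"}


def identify_app(payload: bytes) -> str:
    """Classify a flow by what it carries, not by the port it uses."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload[:1] == b"\x16" and payload[5:6] == b"\x01":   # TLS record, ClientHello
        return "tls"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "http"
    return "unknown"


def build_client_hello(sni: str) -> bytes:
    """Minimal TLS 1.2 ClientHello carrying a server_name extension (RFC 6066)."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # host_name entry
    ext = struct.pack("!HH", 0, len(entry) + 2) + struct.pack("!H", len(entry)) + entry
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                    # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                    # one cipher suite
            + b"\x01\x00"                                           # null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def extract_sni(payload: bytes):
    """Walk the ClientHello to the server_name extension; None if absent or malformed."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        i = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
        i += 1 + payload[i]                                  # session id
        i += 2 + struct.unpack("!H", payload[i:i + 2])[0]    # cipher suites
        i += 1 + payload[i]                                  # compression methods
        end = i + 2 + struct.unpack("!H", payload[i:i + 2])[0]
        i += 2
        while i + 4 <= end:
            etype, elen = struct.unpack("!HH", payload[i:i + 4])
            i += 4
            if etype == 0 and payload[i + 2] == 0:           # list length, then host_name type
                nlen = struct.unpack("!H", payload[i + 3:i + 5])[0]
                return payload[i + 5:i + 5 + nlen].decode("ascii")
            i += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None


def port_based_decision(pkt: Packet) -> str:
    """Traditional firewall: only the 5-tuple is visible, so port 443 is 'HTTPS'."""
    return "allow" if pkt.dst_port in (80, 443) else "deny"


def ngfw_decision(pkt: Packet) -> str:
    """NGFW: decide on the identified application, the user's group and threat intel."""
    app = identify_app(pkt.payload)
    group = USER_GROUPS.get(pkt.src_ip, "unknown")
    if app == "ssh":                                         # recognised by banner on any port
        if pkt.dst_port == 22 and group == "engineering":
            return "allow:ssh"
        return "deny:ssh"
    if app == "tls":
        if extract_sni(pkt.payload) in THREAT_FEED:
            return "deny:threat-intel"
        return "allow:tls"
    if app == "http":
        return "allow:http"
    return "deny:unknown-app"


SAMPLE = [  # constructed flows
    Packet("10.0.0.7", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: www.example\r\n\r\n"),
    Packet("10.0.0.7", "203.0.113.10", 443, b"SSH-2.0-OpenSSH_9.3\r\n"),  # SSH hidden on 443
    Packet("10.0.0.5", "203.0.113.11", 22, b"SSH-2.0-OpenSSH_9.3\r\n"),   # engineering user
    Packet("10.0.0.7", "203.0.113.12", 443, build_client_hello("evil.example")),
    Packet("10.0.0.7", "203.0.113.12", 443, build_client_hello("www.example")),
]


def compare(packets=SAMPLE):
    """Return (traditional, NGFW) verdicts side by side for each flow."""
    return [(port_based_decision(p), ngfw_decision(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (old, new) in zip(SAMPLE, compare()):
        print(f"{pkt.src_ip} -> {pkt.dst_ip}:{pkt.dst_port}  port-based={old:5}  ngfw={new}")
```

The second and fourth flows are the ones the article is about: a port-based rule passes SSH tunnelled over 443 and a TLS session to a known-bad name because both look like HTTPS, while the payload-aware decision denies the first on application identity and the second on the threat-feed match; the third flow shows the reverse, where a port-only rule blocks SSH that identity-aware policy is meant to permit. Note that the SNI check works only on the unencrypted ClientHello; once TLS 1.3 Encrypted Client Hello is in use, the firewall needs the SSL/TLS inspection (decryption) capability mentioned above to see the server name.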
In addition, an NGFW extends the traditional NAT, PAT and VPN support so that it can operate both in routed mode, in which the firewall behaves as a router, and in transparent (bridge) mode, in which it sits inline without changing the IP addressing of the segments it connects.