What is a Next-Generation Firewall (NGFW)?

A next-generation firewall (NGFW) is part of the third generation of firewall technology. It combines a traditional firewall with other network device filtering functions, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS).

Next-generation firewall features

NGFWs combine many of the capabilities of traditional firewalls including packet filtering, network address translation (NAT) and port address translation (PAT), URL blocking, and virtual private networks (VPNs) with quality of service (QoS) functionality and other features that are not found in traditional firewalls. These include intrusion prevention, SSL and SSH inspection, deep-packet inspection, and reputation-based malware detection, as well as application awareness. These application-specific capabilities are meant to thwart the growing number of application attacks taking place at Layers 4-7 of the OSI network stack.

Benefits of next-generation firewalls

The different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible. NGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.

Next-generation firewall vs. traditional firewall

While both NGFW and traditional firewalls aim to serve the same purpose of protecting an organisation's network and data assets, they also have several differences.

NGFWs include the typical functions of traditional firewalls such as packet filtering, network and port address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to cover more layers of the Open Systems Interconnection (OSI) model, improving filtering of network traffic based on packet contents. NGFWs perform deeper inspection than the stateful inspection performed by first- and second-generation firewalls: they check packet payloads and match signatures for harmful activity such as attacks that exploit vulnerabilities and malware.
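The difference between a port-based rule and payload-aware inspection, as an added example that is not part of the original page or any vendor's code. The rule sets, function names and sample flows are constructed for illustration, and the only signature used is the harmless EICAR antivirus test marker.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    proto: str
    dport: int
    payload: bytes  # first bytes sent by the client (constructed samples)

ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}   # traditional port rule
APP_POLICY = {80: {"http"}, 443: {"tls"}}     # application allowed per port
SIGNATURES = {"eicar-test-file": b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def packet_filter(flow):
    """Traditional decision: protocol and destination port only."""
    return "allow" if (flow.proto, flow.dport) in ALLOWED_PORTS else "deny:port"

def identify_app(payload):
    """Application awareness: classify by payload, not by port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 2 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"   # TLS handshake record header
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"

def ngfw_decision(flow):
    """Port rule first, then application check, then signature match."""
    if packet_filter(flow) != "allow":
        return "deny:port"
    app = identify_app(flow.payload)
    if app not in APP_POLICY.get(flow.dport, set()):
        return f"deny:app-mismatch({app})"
    for name, pattern in SIGNATURES.items():
        if pattern in flow.payload:
            return f"deny:signature({name})"
    return "allow"

SAMPLES = {
    "web": Flow("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "ssh_on_443": Flow("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "upload": Flow("tcp", 80, b"POST /up HTTP/1.1\r\n\r\n...EICAR-STANDARD-ANTIVIRUS-TEST-FILE..."),
    "telnet": Flow("tcp", 23, b"\xff\xfd\x18"),
}

if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        print(f"{name:11} filter={packet_filter(flow):10} ngfw={ngfw_decision(flow)}")
```

The port rule passes both the SSH session on port 443 and the HTTP upload carrying the test marker; only the payload-aware path rejects them. Inspecting content inside an encrypted TLS session would additionally require the SSL inspection feature listed earlier.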

Open Systems Interconnection (OSI)

The Importance of NGFW

Installing a firewall is a requirement for any business. In today's environment, having a next-generation firewall is almost as important. Threats to personal devices and larger networks change every day. The flexibility of an NGFW lets it protect devices and companies from a much broader spectrum of intrusions. Although these firewalls are not the right solution for every business, security professionals should carefully consider the benefits that NGFWs can provide, as they have a very large upside.

NGFW by FortiGate