What is a next-generation firewall?
A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional firewall. It includes application awareness, integrated intrusion prevention, and cloud-delivered threat intelligence.
NGFW vs. traditional firewalls
Traditional firewalls filter traffic based on ports, protocols, and IP addresses. NGFWs add deep packet inspection, application-level filtering, SSL/TLS inspection, and integration with external threat intelligence feeds.
Key NGFW capabilities
- Application awareness: Identify and control applications regardless of port
- Intrusion prevention: Detect and block attempts to exploit known vulnerabilities
- User identity integration: Apply policies based on user identity
- SSL inspection: Decrypt and inspect encrypted traffic
- Sandboxing: Analyze suspicious files in a safe environment
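
The difference between port-based filtering and application awareness "regardless of port" can be seen in a small added example (not code from any firewall product). The names `Flow`, `port_filter`, `identify_app` and `app_filter` and the sample flows are assumptions made for illustration, and the three content signatures stand in for the much larger signature sets a real NGFW uses.

```python
from dataclasses import dataclass

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    payload: bytes  # first bytes the client sends

def port_filter(flow, allowed=frozenset({("tcp", 80), ("tcp", 443)})):
    """Traditional firewall rule: protocol and destination port only."""
    return "allow" if (flow.proto, flow.dst_port) in allowed else "deny"

def identify_app(payload):
    """Classify a flow from its first client bytes, ignoring the port."""
    if payload.startswith(b"SSH-"):  # SSH identification string
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.split(b" ", 1)[0] in HTTP_METHODS and b" HTTP/1." in request_line:
        return "http"
    return "unknown"

def app_filter(flow, allowed_apps=frozenset({"http", "tls"})):
    """Application-aware rule: decide on what the traffic is, not its port."""
    return "allow" if identify_app(flow.payload) in allowed_apps else "deny"

# Constructed sample flows (not captured traffic).
SAMPLES = {
    "http on 80": Flow("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "tls on 443": Flow("tcp", 443, bytes.fromhex("160301002f0100002b0303")),
    "ssh on 443": Flow("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "http on 8080": Flow("tcp", 8080, b"GET /status HTTP/1.1\r\n\r\n"),
}

def compare(samples=SAMPLES):
    """Return {name: (port_verdict, app, app_verdict)} for each flow."""
    return {n: (port_filter(f), identify_app(f.payload), app_filter(f))
            for n, f in samples.items()}

if __name__ == "__main__":
    for name, (port_v, app, app_v) in compare().items():
        print(f"{name:13} port-rule={port_v:5} app={app:7} app-rule={app_v}")
```

The SSH session on port 443 passes the port rule but is denied once the traffic is classified by content, while HTTP on a non-standard port is still recognized as HTTP.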