A next generation firewall performs deep packet inspection to check the contents of the data flowing through the firewall.
Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet.
NGFWs remain the only class of firewalls to filter data based on application, presentation, or session layer packet information.
NGFW vendors used to target the largest enterprises, but most firewalls now incorporate many NGFW capabilities because of the broad benefits that satisfy the firewall needs for most situations - even for small businesses and smaller IT teams.
Some organizations will have high-speed data throughput needs that do not tolerate NGFW packet inspection delays in front of application servers, databases, etc.
These organizations may still use an NGFW to protect their general networks but will find the packet inspection a performance bottleneck in front of high-speed application servers.
While most firewalls sold today adopt many NGFW capabilities, budget limitations may lead resource-constrained teams to seek inexpensive, reduced-feature firewalls similar in capabilities to traditional firewalls.
The extra features and costs of an NGFW will be wasted on simple tasks, and a low-cost, simplified firewall provides a more appropriate solution.
All NGFWs include the original capabilities developed for the first generations of firewalls.
Automatically dropping unauthorized and unwanted traffic also reduces the number of packets upon which an NGFW will need to perform deep packet inspection.
Proxy capabilities allow a firewall to act as a single point of contact for sources outside the firewall's network; the firewall then redirects traffic to the specific assets behind it.
Where a traditional firewall can either allow or block access to Facebook, an NGFW can allow Facebook, but block Facebook games.
To enable deep packet inspection, NGFWs decrypt Secure Sockets Layer (SSL/TLS), Secure Shell (SSH), or other encrypted connections to inspect the encrypted data for signs of malicious behavior.
NGFW will typically integrate the firewall vendor's threat intelligence feed, but some buyers will also want an NGFW that can incorporate a variety of threat feeds for enhanced detection.
Some NGFW can challenge the capabilities of standalone IPS appliances, but before replacing IPS systems, test the NGFW capabilities under realistic threat and load conditions.
NGFW can integrate with IT user directories and alter firewall rules based upon users and user groups.
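To make the difference concrete, here is a toy policy engine, added as an illustration and not code from the article or from any firewall product: it runs the header-only check first and only then an application- and user-group-aware check on the flows it allowed, using the Facebook-versus-Facebook-games rule from above and the user-group rules from this section. Flows, hosts, group names and the rule syntax are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Flow:                 # one connection as the firewall sees it (values constructed)
    user_group: str         # group resolved from the user directory
    dst_port: int
    host: str = ""          # HTTP Host / TLS SNI, visible only after decryption
    path: str = "/"         # URL path, visible only after decryption
HEADER_RULES = {80: "allow", 443: "allow"}  # header-only stage: port -> verdict, else drop
# Application-layer stage, run only on flows the header stage allowed. Entries are
# (domain, path prefix, allowed groups or None for everyone, verdict); first match wins.
APP_RULES = [
    ("facebook.com", "/games", None, "block"),      # allow Facebook, block Facebook games
    ("facebook.com", "/", {"marketing"}, "allow"),  # only marketing may use Facebook
    ("facebook.com", "/", None, "block"),
]

def in_domain(host: str, domain: str) -> bool:
    """True for the domain itself or a subdomain, not for e.g. notfacebook.com."""
    return host == domain or host.endswith("." + domain)

def header_stage(flow: Flow) -> str:
    """Traditional filtering: decide on the packet header alone."""
    return HEADER_RULES.get(flow.dst_port, "drop")

def app_stage(flow: Flow) -> str:
    """Deep packet inspection: match on application, path and user group."""
    for domain, prefix, groups, verdict in APP_RULES:
        if in_domain(flow.host, domain) and flow.path.startswith(prefix):
            if groups is None or flow.user_group in groups:
                return verdict
    return "allow"  # no application rule matched

def evaluate(flows):
    """Return per-flow verdicts and how many flows needed deep inspection."""
    verdicts, inspected = [], 0
    for f in flows:
        verdict = header_stage(f)
        if verdict == "allow":  # only header-allowed flows cost a DPI pass
            inspected += 1
            verdict = app_stage(f)
        verdicts.append(verdict)
    return verdicts, inspected

SAMPLE = [  # constructed flows: Facebook, Facebook games, non-marketing user, telnet, other site
    Flow("marketing", 443, "www.facebook.com", "/"),
    Flow("marketing", 443, "apps.facebook.com", "/games/farm"),
    Flow("engineering", 443, "www.facebook.com", "/"),
    Flow("engineering", 23),
    Flow("engineering", 443, "github.com", "/"),
]
```

Running `evaluate(SAMPLE)` shows the telnet flow dropped by the header stage without ever reaching deep inspection, which is the packet-count reduction described earlier, while the Facebook verdicts differ by path and by group.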
NGFW enhances security compared to most other types of firewalls but will not be the best solution for all traffic filtering needs.
An NGFW typically replaces a traditional firewall in a castle-and-moat security model, which may not be the best solution for the protection of modern IT infrastructure.
All firewalls, even NGFWs, depend upon proper setup to provide effective protection and one misconfigured or bad firewall rule can cripple even the most powerful security function.
As a first step to deploy an effective NGFW, learn about the best NGFW solutions.
This Cyber News was published on www.esecurityplanet.com. Publication date: Fri, 09 Feb 2024 17:13:06 +0000