Next-Generation Firewall (NGFW)


A next-generation firewall (NGFW) is, by most definitions, a third generation of firewall technology that combines a traditional firewall with other network security functions, including deep packet inspection (DPI), intrusion detection and prevention (IDS/IPS), network sandboxing and, depending on the vendor, further network security features.

First-generation firewalls focused on functions like packet filtering, network address translation (NAT) and virtual private network (VPN) support, judging each packet on its own header fields (addresses, protocol and ports). Second-generation firewalls operated up to layer 4 (the transport layer) of the OSI model and tracked the state of each connection, so a packet was evaluated in the context of the session it belonged to rather than in isolation, which is why they are usually referred to as "stateful packet inspection" firewalls.

Next-generation firewalls (NGFWs) combine all of these functions but also reach up to layer 7 of the OSI model (the application layer), examining not only the connection state but also the content of the packets. This gives network administrators finer control over individual applications and deeper inspection capabilities: they can block traffic belonging to a particular application regardless of the port it travels on, rather than only blocking traffic on certain ports, and close ports that are not in use.
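The three generations contrasted above, as an added example that is not part of the original article: a small Python model in which the same constructed packets are run through a stateless packet filter (layer 3/4 header fields only), a stateful firewall (layer 4 connection tracking) and an application-aware firewall that additionally parses the TLS ClientHello to identify the application behind an allowed port. The address ranges, ports, application names and the use of the TLS server name (SNI) as a stand-in for an application signature are all assumptions made for illustration.

```python
# Added example, not code from the original article: a toy model of the three
# firewall generations described above run over the same constructed packets.
# Assumptions: 10.0.0.0/8 is the protected network, policy permits outbound
# web (80/443) only, and the TLS SNI stands in for an application signature.
import struct
from dataclasses import dataclass

ALLOWED_OUTBOUND_PORTS = {80, 443}

@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset        # TCP flags, e.g. frozenset({"SYN"})
    payload: bytes = b""

def is_internal(ip):
    return ip.startswith("10.")

def stateless_filter(pkt):
    """Gen 1: each packet judged by its own headers. With no connection memory,
    replies can only be admitted by opening every high port inbound."""
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return pkt.dport in ALLOWED_OUTBOUND_PORTS
    if not is_internal(pkt.src) and is_internal(pkt.dst):
        return pkt.sport in ALLOWED_OUTBOUND_PORTS and pkt.dport >= 1024
    return False

class StatefulFirewall:
    """Gen 2: layer-4 connection tracking; inbound only for flows opened inside."""
    def __init__(self):
        self.flows = {}     # (src, sport, dst, dport) -> state

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            if key in self.flows:
                return True
            if "SYN" in pkt.flags and pkt.dport in ALLOWED_OUTBOUND_PORTS:
                self.flows[key] = "SYN_SENT"
                return True
            return False
        if reverse in self.flows:          # reply to a tracked outbound flow
            if {"SYN", "ACK"} <= pkt.flags:
                self.flows[reverse] = "ESTABLISHED"
            return True
        return False

def tls_sni(payload):
    """Layer-7 look: server_name from a TLS ClientHello, else None."""
    try:
        if payload[0] != 0x16 or payload[5] != 0x01:
            return None
        pos = 5 + 4 + 2 + 32                               # record/handshake hdrs, version, random
        pos += 1 + payload[pos]                            # session id
        pos += 2 + struct.unpack_from(">H", payload, pos)[0]   # cipher suites
        pos += 1 + payload[pos]                            # compression methods
        end = pos + 2 + struct.unpack_from(">H", payload, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from(">HH", payload, pos)
            pos += 4
            if etype == 0:   # server_name: list len(2), type(1), name len(2), name
                name_len = struct.unpack_from(">H", payload, pos + 3)[0]
                return payload[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def build_client_hello(server_name):
    """Constructed minimal TLS 1.2 ClientHello carrying one SNI extension."""
    name = server_name.encode("ascii")
    sni = struct.pack(">HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack(">HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + b"\x00" * 32 + b"\x00" + struct.pack(">H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack(">H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

class ApplicationFirewall(StatefulFirewall):
    """Gen 3 (NGFW): stateful tracking plus application identification from the
    payload; a flow identified as a blocked application stays blocked."""
    def __init__(self, blocked_apps):
        super().__init__()
        self.blocked_apps, self.blocked_flows = set(blocked_apps), set()

    def inspect(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.blocked_flows or not super().inspect(pkt):
            return False
        name = tls_sni(pkt.payload)
        if name and any(name == a or name.endswith("." + a) for a in self.blocked_apps):
            self.blocked_flows.add(key)
            return False
        return True

def run_scenario():
    """Same constructed packets through all three generations -> {gen: decisions}."""
    inside, outside = "10.0.0.5", "203.0.113.10"
    packets = [
        Packet(inside, outside, 51000, 443, frozenset({"SYN"})),                 # client SYN
        Packet(outside, inside, 443, 51000, frozenset({"SYN", "ACK"})),          # server SYN-ACK
        Packet(inside, outside, 51000, 443, frozenset({"ACK"}),
               build_client_hello("chat.blocked-app.example")),                  # blocked app on 443
        Packet(inside, outside, 51000, 443, frozenset({"ACK"}), b"\x17\x03\x03\x00\x01\x00"),  # later data
        Packet(outside, "10.0.0.7", 443, 60000, frozenset({"SYN"})),             # unsolicited inbound
    ]
    stateful, ngfw = StatefulFirewall(), ApplicationFirewall({"blocked-app.example"})
    return {"stateless": [stateless_filter(p) for p in packets],
            "stateful": [stateful.inspect(p) for p in packets],
            "ngfw": [ngfw.inspect(p) for p in packets]}

if __name__ == "__main__":
    for gen, decisions in run_scenario().items():
        print(f"{gen:9s}", ["allow" if d else "deny" for d in decisions])
```

Running `run_scenario()` makes the difference concrete: the stateless filter admits the unsolicited inbound SYN from source port 443 because it has to keep high ports open for replies; the stateful firewall drops it because no internal host opened that flow; only the application-aware firewall drops the ClientHello for the blocked application even though port 443 is permitted, and it keeps dropping the rest of that flow. Real NGFWs identify applications with far richer signatures across many protocols, and may decrypt TLS rather than rely on the cleartext SNI, which is only one signal.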

Next-generation firewall (NGFW) solutions can be hardware appliances, virtual machines or cloud-based services, and are evolving to include many other security features, including inspection of SSL/TLS-encrypted traffic (by decrypting it), sandboxing and threat intelligence feeds, alongside standard features like deep packet inspection (DPI), IDS/IPS, antivirus scanning, website filtering and others. Some also suggest that NGFWs will make extensive use of artificial intelligence and machine learning to anticipate advanced cyber attacks and counter AI-enabled ones.

Despite a marked rise in network attacks in recent years, NGFW adoption has been relatively slow: according to Gartner, under 40 percent of enterprises were protected by NGFWs. On the other hand, Gartner also expects NGFWs to gain significant share in network security in the coming years, securing over 85 percent of enterprise connections by the end of 2018.

Vendors building next-generation firewalls, and extending them into broader platforms intended to protect enterprises from most network attacks, include Cisco, Fortinet, Palo Alto Networks, Juniper Networks, Barracuda Networks, Check Point Software Technologies, Sophos and others.

While most companies are still adopting next-generation firewalls, cloud computing is evolving rapidly and pushing cloud security to the fore, with software-based micro-segmentation tools such as Cisco Application Centric Infrastructure (ACI) and VMware's NSX network virtualization and security platform. There is also a growing focus on cloud-delivered (SaaS) security services that can effectively replace an NGFW for certain customers.