
Defining Next Generation Firewall

Let’s define Next Generation Firewall (NGFW). Before doing so, we need to go through a few related terms that are easily confused with it:

  • Firewall: Blocks or allows traffic based on predefined IP-address and port policies. Each packet is judged on its own; nothing is remembered between packets.
  • Stateful firewall: Keeps a state table that records the connections internal users have opened. Traffic initiated from outside the network is blocked; incoming traffic that belongs to a connection an internal user initiated (determined by looking the packet up in the state table) is allowed.
  • Proxy: The user sends traffic to the proxy, which forwards it to the external world on the user’s behalf. Return traffic terminates on the proxy, which then forwards it to the appropriate user. Because all traffic passes through it, the proxy can scan the content and apply policy based on IP address, user ID, and so on.
  • Security gateway: Also known as an application-aware firewall or layer 7 firewall. It inspects the application layer as traffic passes through it in order to identify and stop threats.
  • Unified Threat Management (UTM): Instead of buying several security devices with different roles and chaining them in series (for example, an IPS appliance followed by a spam-filtering appliance), you can buy one UTM appliance that combines all these roles.
  • NG firewall: Whereas a UTM simply collects services together, an NGFW has further requirements, as defined by Gartner:
    • A UTM collocates security services in a single appliance, whereas an NGFW integrates them. In a UTM the packet is scanned by the firewall role, then handed to the IPS role, and finally to the antivirus role. In an NGFW the firewall, IPS, antivirus, and so on form a single-pass engine: the packet is parsed once and evaluated against all the rule sets together.
    • Includes the first-generation firewall capabilities, for example network address translation (NAT), stateful protocol inspection, virtual private networking (VPN), and so on.
    • Integrated signature-based IPS engine.
    • Application awareness, full-stack visibility, and granular control.
    • The ability to set directory-based policies (for example, policies based on Microsoft Active Directory group membership).
    • The ability to decrypt and scan HTTPS traffic.
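The two mechanisms described above, the stateful firewall’s state table and the NGFW’s single-pass inspection, as a toy packet filter. This is an added example written for this post, not code from any product mentioned here. The inside network (10.0.0.0/24), the policy, the IPS and application signatures, and the packet sequence are all constructed for illustration, and TCP is reduced to a few flag strings.

```python
"""Toy stateful firewall with a single-pass inspection stage (added example)."""
import re
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."          # assumption: the inside network is 10.0.0.0/24
ALLOWED_OUTBOUND_PORTS = {80, 443}   # first-generation, port-based policy
BLOCKED_APPS = {"http-cleartext"}    # application-aware policy, independent of port

# Hypothetical signatures. Every engine runs over the same parsed packet in one pass.
IPS_SIGNATURES = {"hypothetical-sqli": re.compile(rb"UNION\s+SELECT", re.I)}
APP_SIGNATURES = {"http-cleartext": re.compile(rb"^(GET|POST|HEAD) .* HTTP/1\.[01]\r\n")}


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""            # simplified TCP flags: "S", "SA", "A", "F", "R"
    payload: bytes = b""

    def from_inside(self) -> bool:
        return self.src.startswith(INTERNAL_PREFIX)

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport)


class StatefulFirewall:
    def __init__(self):
        # State table: flow key (as seen from the initiating side) -> connection state.
        self.state = {}

    def decide(self, pkt: Packet):
        """Return (verdict, reason) for one packet and update the state table."""
        fwd, rev = pkt.flow(), pkt.reverse_flow()
        if fwd in self.state:                          # same direction as the original SYN
            key, why = fwd, "existing flow"
        elif rev in self.state:                        # reply from outside to a tracked flow
            key, why = rev, "reply to existing flow"
            if pkt.flags == "SA" and self.state[key] == "SYN_SENT":
                self.state[key] = "ESTABLISHED"
        elif pkt.from_inside() and pkt.flags == "S":   # internal user opening a connection
            if pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                return ("DROP", f"policy: outbound port {pkt.dport} not permitted")
            self.state[fwd] = "SYN_SENT"
            key, why = fwd, "new outbound flow"
        else:                                          # unsolicited traffic from outside
            return ("DROP", "no matching state entry")

        if pkt.flags in ("F", "R"):                    # simplified teardown: forget the flow
            self.state.pop(key, None)
        findings = self._inspect(pkt)
        return ("DROP", ",".join(findings)) if findings else ("ACCEPT", why)

    @staticmethod
    def _inspect(pkt: Packet):
        """Single pass: the packet is parsed once, all engines evaluate it, and every
        finding is collected, instead of chaining firewall -> IPS -> AV as separate hops."""
        findings = []
        for name, sig in IPS_SIGNATURES.items():
            if sig.search(pkt.payload):
                findings.append(f"ips:{name}")
        for app, sig in APP_SIGNATURES.items():
            if sig.match(pkt.payload) and app in BLOCKED_APPS:
                findings.append(f"app-control:{app}")
        return findings


def demo():
    """Run a constructed packet sequence and return the list of (verdict, reason)."""
    fw = StatefulFirewall()
    inside, outside = "10.0.0.5", "203.0.113.10"   # 203.0.113.0/24 is a documentation range
    sequence = [
        Packet(outside, 40000, inside, 22, "S"),                           # unsolicited inbound SSH
        Packet(inside, 50000, outside, 443, "S"),                          # user opens a connection
        Packet(outside, 443, inside, 50000, "SA"),                         # server reply matches state
        Packet(inside, 50000, outside, 443, "A", b"GET / HTTP/1.1\r\n"),   # clear-text HTTP on 443
        Packet(inside, 50000, outside, 443, "A",
               b"GET /?q=1 UNION SELECT 1 HTTP/1.1\r\n"),                   # IPS and app-control both fire
        Packet(inside, 50000, outside, 443, "F"),                          # close: entry removed
        Packet(outside, 443, inside, 50000, "A"),                          # late reply, no state left
        Packet(inside, 50001, outside, 6667, "S"),                         # port not in policy
    ]
    return [fw.decide(p) for p in sequence]


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:6} {reason}")
```

The first packet is dropped purely because nothing in the state table explains it, the server’s SYN-ACK is accepted only because the user’s earlier SYN created an entry, and the two payload packets show the difference between a serial UTM chain and a single pass: the fifth packet comes back with both the IPS and the application-control findings from one evaluation, rather than being stopped by whichever engine happened to sit first in the chain.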

Based on Gartner’s definition, we could say that every NGFW is necessarily a UTM, but not every UTM is an NGFW.

Interested in More Information about NGFW and security – Review my book:

