We are always talking about the NGFW, but what is the NGFW?
NGFW means Next Generation Firewall. Someone may ask: what, then, is the "this generation" firewall?
Actually, there is no “this generation firewall”. The NGFW is designed to replace the traditional firewall.
In this article, we discuss the differences between the Traditional Firewall and the Next Generation Firewall (NGFW).
What is a Traditional Firewall?
A traditional firewall, as it is currently defined, is a device that controls the traffic allowed to enter or exit a point within the network. It typically does this using either a stateless method or a stateful method, depending on the type of protocol being handled.
What is a Next Generation Firewall (NGFW)?
A Next-Generation Firewall (NGFW) is part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI) and an intrusion prevention system (IPS). Generally, an NGFW offering includes the following features:
· Application Awareness,
· Stateful Inspection,
· Integrated Intrusion Prevention System (IPS),
· Identity Awareness (User and Group Control),
· Bridged and Routed Modes,
· And the ability to utilize external intelligence sources.
Similarities
Both traditional firewalls and NGFWs have the same purpose: to protect an organization’s network and data assets. In terms of the software components packaged by the two, they both include some variation of the following:
· Static packet filtering that blocks packets at the point of interface to a network, based on protocols, ports, or addresses
· Stateful inspection or dynamic packet filtering, which checks every connection on every interface of a firewall for validity
· Network address translation for re-mapping the IP addresses included in packet headers
· Port address translation that facilitates the mapping of multiple devices on a LAN to a single IP address
· Virtual private network (VPN) support, which maintains the same safety and security features of a private network over the portion of a connection that traverses the internet or other public network
Differences
Gartner Research was one of the early champions of NGFWs. Even though the idea has been around for several years now and the need for them is pressing, fewer than 20% of all enterprise Internet connections today are secured by them. According to Gartner, that number was expected to rise to nearly 35% by the end of 2014.
Before describing the differences between traditional and next-generation firewalls, a working definition of an NGFW is in order. According to Gartner, that is “a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.”
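The following is an added example, not taken from the original article or from any vendor's product, that contrasts the three inspection styles named above: static packet filtering, stateful inspection, and the application-level inspection in Gartner's definition. The packet model, policy sets, addresses and function names are all assumptions made for illustration, and a "packet" here stands for the first data segment of a flow.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:  # constructed, simplified packet model (assumption)
    src: str
    dst: str
    sport: int
    dport: int
    proto: str
    payload: bytes = b""

ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}  # hypothetical outbound policy
ALLOWED_APPS = {"http", "tls"}               # hypothetical application policy

def static_filter(pkt):
    """Traditional static packet filtering: protocol and port only."""
    return (pkt.proto, pkt.dport) in ALLOWED_PORTS

class StatefulFilter:
    """Stateful inspection: inbound packets must match a tracked outbound flow."""
    def __init__(self):
        self.flows = set()
    def outbound(self, pkt):
        if not static_filter(pkt):
            return False
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return True
    def inbound(self, pkt):
        # A reply reverses the source and destination of the tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows

def identify_app(payload):
    """Application awareness: classify by payload, not by port number."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if payload.split(b" ", 1)[0] in {b"GET", b"POST", b"HEAD", b"PUT"}:
        return "http"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"  # TLS handshake record header
    return "unknown"

def ngfw_filter(pkt):
    """NGFW-style decision: port/protocol check plus application-level check."""
    return static_filter(pkt) and identify_app(pkt.payload) in ALLOWED_APPS

# Constructed sample traffic: SSH carried over TCP/443, and ordinary HTTP.
ssh_on_443 = Packet("10.0.0.5", "203.0.113.9", 40000, 443, "tcp", b"SSH-2.0-OpenSSH_9.6\r\n")
web = Packet("10.0.0.5", "203.0.113.10", 40001, 80, "tcp", b"GET / HTTP/1.1\r\n")
```

The port-only filter accepts both sample packets, while the application-aware check rejects the SSH banner on port 443 because the payload does not match an allowed application.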
NGFW Solutions Comparison
Furthermore, we share a side-by-side comparison of five NGFW solutions: Cisco, Check Point, Fortinet, WatchGuard and Dell.
Please note that this table only includes metrics that differ between the products; for example, since all of the products have the same evasion results, that row is not included in the table below.