next-generation firewall

One of the first mentions of the NGFW term was in a 2004 document by Gartner. Kenneth Tam speculated that the term Unified Threat Management (UTM) was coined by IDC because they did not want to adopt the name of their competitor.{{Cite book |title=UTM security with Fortinet: Mastering FortiOS |date=2013 |publisher=Syngress |isbn=978-1-59749-977-4 |location=S.l. |page=19}}

NGFWs include the typical functions of traditional firewalls such as packet filtering,{{cite web |url=http://www.cnmeonline.com/features/next-gen-security/ |title=Next gen security |first=Ben |last=Rossi |date=7 August 2012}} network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents. The most significant differences are that NGFWs include intrusion prevention systems (IPS) and application control.{{cite web |last1=Pescatore |first1=John |last2=Young |first2=Greg |title=Defining the Next-Generation Firewall |url=https://www.gartner.com/en/documents/1204914 |website=Gartner |access-date=12 October 2009}}

Next-generation firewalls perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls.{{cite web |url=https://www.techrepublic.com/article/next-generation-firewalls-security-without-compromising-performance/ |title=Next-generation firewalls: Security without compromising performance |first=Patrick |last=Sweeney |date=17 October 2012}} NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware.{{cite web |url=https://www.networkcomputing.com/careers-and-certifications/next-generation-firewalls-101/ |title=Next-Generation Firewalls 101 |first=Frank J. |last=Ohlhorst |date=1 March 2013}}

{{unsourced|section|date=August 2019}}

Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.

Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But blocking a web application that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.

Protection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.

NGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular "allow/deny" rules for controlling use of websites and applications in the network.

• Comparison of antivirus software
• Comparison of firewalls
• Internet security
• Network security
• Unified threat management

Category:Firewall software