A next generation firewall is a must-have in nowadays cybersecurity environments. NGFWs improve traditional firewalls in many ways, to improve network security.
According to Gardner, “Next-generation firewalls (NGFWs) are deep-packet inspection firewalls that move beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall”.
Table of Contents
- Types of firewalls in network security
- Next generation firewall features
- Benefits of NGFWs
- Disadvantages of NGFWs
So, let’s start by inspecting the evolution of firewalls so we can understand better what the new capabilities of NGFWs are.
Types of firewalls in network security
Let’s start by stating what are the basic operations one can expect from a firewall:
- Filters income and outgoing traffic
- Based on a set of rules
- Allows only desired traffic
See in the table below 4 types of firewalls. Some literature defines more, but usually, the others can also be classified within the following four.
Notice that different types of firewalls work at different layers of the OSI model.
Type | Characteristics | Layers |
Proxy firewall | Used as intermediary between internal and external networksUse to protect a server from malicious clientsUsed to anonymize client traffic | Layer 7 |
Packet filtering a.k.a. stateless firewall | Access Control Lists define the rules that are applied to the traffic.Traffic is filtered by using source and destination IP addresses and ports.If one rule is matched, traffic is allowed. | Layers 3 and 4 from the OSI model |
Circuit-level gateway | Identify malicious content based on TCP handshakes and other network protocol session initiation messages. | Layer 5 or between layers 6 and 7 |
Stateful firewall | Create rules dynamically to allow traffic to leave the networkKeeps information in a state tableLess administrative overhead | Layers 3 and 4 from the OSI model |
Next Generation Firewall | Analyze traffic at the application levelCan decrypt trafficURL filteringIntegrates with other systems in the networkCloud-based malware protectionIntrusion Prevention System (IPS) | From layer 2 up to layer 7 |
No, let’s dive deep into the next generation firewalls.
Next generation firewall features
As you can see from the table in the previous section, NGFWs have the most comprehensive characteristics to help us secure a network.
These characteristics and features, allow us to have granular security measures throughout a network. Also, these are the result of the evolution of malicious attacks.
Because attackers are using more application vulnerabilities, compared with port vulnerabilities, an improvement in the technologies used to prevent security breaches is also needed.
See below some of the features available in modern NGFWs:
Standard firewall capabilities: Included stateful traffic inspection. Usually done by inspecting the packets header.
Deep packet inspection: This capability allows the firewall to “look” deeper inside the traffic packets and detect malware, even decrypt traffic. It happens by inspecting the body of the packets, not only the headers.
Intrusion Prevention System: This includes the functionalities of an Intrusion Detection System, plus the possibility to take action against the intrusion.
Cloud malware protection: Cloud services that analyze possible new threats within the traffic. When the NGFW is unsure whether the traffic can contain malware or not, this type of service can be used. This usually happens when new malware is created and still not recognized by the NGFW. Wildfire is an example of such a system.
Geolocation: Can analyze traffic by correlating the IP address and physical locations. It can be useful for location-based policies.
Multiprotocol security: It can secure all the protocols used in your network. For instance, a proxy firewall is not compatible with several protocols. Usually limited to HTTP/HTPPS protocols.
Application-level rules: NGFW can deny/allow traffic depending on the destination application of the traffic. Standard firewalls don’t have this capability.
Thread intelligence: NGFW can use internal and external information about possible threats. It is used to identify well-known threats as well as new ones. It can use IP reputation information, among other resources.
NGFWs can also be software or hardware.
All these capabilities, and many more that NGFWs usually have, make them a must-have in any network. Also, they are especially useful to provide granular access policies, and micro-segmentation, and avoid lateral (south-west) traffic in a zero trust network architecture.
Benefits of NGFWs
The main benefits of NGFWs are described below:
- Ability to block malware. Traditional firewalls were unable to do this.
- Application-specific rules. They can block/allow traffic depending on what application the traffic is coming, from or to what application the traffic is going. This is especially helpful to prevent unauthorized access to applications. It is also useful in work-from-home environments. It helps prevent lateral traffic in the network.
- They are context-aware.
- Provides a security infrastructure that is easier and cheaper to maintain, update and manage.
Disadvantages of NGFWs
There are no disadvantages to using firewalls when we consider what they are for. However, In the case of NGFWs, compared with other types of firewalls, can say that:
- They use more resources.
- NGFWs can be more difficult to configure, due to more options.
- They can be slower than other types of firewalls, due to all the capabilities they have.