The need for better network protection continues to increase as cyberattacks become more common and sophisticated. As a result, businesses and IT professionals can no longer rely upon the same security controls used years ago. Enter the Next Generation Firewall (NGFW), an advanced tool capable of defending your network against today’s more sophisticated cyber threats. In this article, we’ll compare and contrast the features of today’s NGFW against traditional firewalls, demonstrating how NGFWs give way to the next great thing in security.
The Traditional Firewall
A traditional hardware firewall is a device that controls the incoming and outgoing traffic of a network, including but not limited to Internet, e-mail transfer, web browsing, remote access, and VPN connections. Common features of traditional firewalls include:
- Internet routing
- IP/port routing – The ability to direct certain types of traffic to a specific device
- Network address translation – Ability for several devices to share the same IP address
- VPN capability (very basic) – Secure tunnel between devices
- Very basic content filtering (if any at all) – Allow/block certain content
- Controls to allow/block certain types of traffic
The Next Generation Firewall (NGFW)
An NGFW helps eliminate management complexity and improves network security by integrating multiple security technologies into a single platform. It combines the features of a traditional firewall with these additional security features:
- Global IP address blacklisting – The ability to block known malicious sources
- Internet failover – The ability to utilize two separate ISPs (so if one is down you can still work)
- Advanced content filtering and reporting – More robust options, report by user, site, time, etc.
- LDAP integration – Content controls based on Active Directory
- Wireless access point (public and private) – Public and private wireless connections
- Controls to block or allow traffic based on its type or source
- Dual factor authentication – Additional layer of security (PIN or token based)
- Encrypted VPN – Encoding data so only the appropriate computer can read it
- Hardware antivirus – Protects all devices even if AV isn’t installed locally
- Deep packet inspection – All traffic is scanned for viruses, spam, intrusions, etc.
Most businesses may not know which type of firewall they have, just that they have one. The best comparison that I can make is that a basic firewall is like a car from the '90s (possibly no air bags, no GPS, no MP3, and the classic roll-down windows) and an NGFW is like a new, modern car (front and side air bags, navigation, satellite and, most importantly, power windows). During the '90s this vehicle would have been considered safe, but as malicious sources have gotten more advanced, businesses need more advanced systems to protect themselves.