What is a next-generation firewall?
· Category: Cybersecurity
Short answer
A Next-Generation Firewall (NGFW) combines traditional firewall capabilities with advanced features like application awareness, intrusion prevention, malware filtering, and threat intelligence feeds.
How it works
NGFWs inspect traffic beyond Layers 3 and 4. They identify applications regardless of port, decrypt TLS traffic for inspection, enforce user identity-based policies, and block known threats using integrated IPS signatures.
Some NGFWs include sandboxing to analyze unknown files in isolated environments before allowing them into the network.
Example
An NGFW can block peer-to-peer file sharing on any port while allowing legitimate HTTPS traffic. It can also detect and block a command-and-control beacon inside an encrypted tunnel.
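The following Python program is an added, simplified illustration of the three mechanisms described under "How it works" and in the example above; it is not code from any firewall vendor. It classifies a flow by its first payload bytes rather than its destination port (so peer-to-peer traffic on port 443 is still recognised), evaluates identity-aware rules, and runs an IPS-style signature check over whatever bytes the device can see, including the inner bytes of a TLS session it has intercepted. The user groups, the single signature and all sample flows are constructed for the demonstration, and TLS decryption is represented by a `decrypted` field rather than performed.

```python
"""Toy NGFW-style policy engine (added example, not any vendor's code).

Demonstrates:
  1. application identification from payload bytes, independent of port;
  2. identity-aware rules (user group + application -> action);
  3. an IPS-style signature check on traffic the device has already decrypted.
Every flow, group and signature below is constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# --- 1. Application identification from the first bytes of a flow -------
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ", b"CONNECT ")


def identify_app(payload: bytes) -> str:
    """Classify by protocol fingerprint; the TCP port is never consulted."""
    # TLS record header: type 0x16 (handshake), version 0x03 0x0?, then a
    # handshake message of type 0x01 (ClientHello) at offset 5.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # BitTorrent peer-wire handshake: length byte 19 followed by the protocol name.
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    if payload.startswith(HTTP_METHODS):
        return "http"
    if payload.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


# --- 2. Flows, identity and rules ---------------------------------------
@dataclass
class Flow:
    name: str
    src_group: str               # assumed to come from a directory/identity integration
    dst_port: int
    payload: bytes               # first bytes seen on the wire
    decrypted: Optional[bytes] = None  # inner bytes after TLS interception, if enabled


@dataclass
class Rule:
    action: str                  # "allow" or "block"
    app: str                     # application name or "*"
    group: str                   # user group or "*"


# Constructed signature set; a real NGFW loads thousands from threat-intel feeds.
IPS_SIGNATURES = {"constructed-beacon-pattern": b"EXAMPLE-C2-CHECKIN"}


def ips_match(data: bytes) -> Optional[str]:
    """Return the name of the first matching signature, or None."""
    for name, pattern in IPS_SIGNATURES.items():
        if pattern in data:
            return name
    return None


def evaluate(flow: Flow, rules: List[Rule]) -> Tuple[str, str]:
    """Return (action, reason). Signatures win, then first matching rule, then default deny."""
    app = identify_app(flow.payload)
    # The IPS only sees plaintext: either the raw payload or the decrypted inner bytes.
    visible = flow.decrypted if flow.decrypted is not None else flow.payload
    sig = ips_match(visible)
    if sig:
        return "block", f"ips:{sig} (app={app}, port={flow.dst_port})"
    for r in rules:
        if r.app in ("*", app) and r.group in ("*", flow.src_group):
            return r.action, f"rule:{r.action} {r.app} {r.group} (app={app}, port={flow.dst_port})"
    return "block", f"default-deny (app={app}, port={flow.dst_port})"


# --- 3. A constructed policy and sample traffic ---------------------------
POLICY = [
    Rule("block", "bittorrent", "*"),        # P2P blocked for everyone, on any port
    Rule("allow", "tls", "employees"),
    Rule("allow", "http", "employees"),
    Rule("allow", "tls", "guests"),          # guests get HTTPS only
]

CLIENT_HELLO = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03" + b"\x00" * 32  # constructed

SAMPLE_FLOWS = [
    Flow("p2p-on-443", "employees", 443, b"\x13BitTorrent protocol" + b"\x00" * 8),
    Flow("https-employee", "employees", 443, CLIENT_HELLO),
    Flow("beacon-in-tls", "employees", 443, CLIENT_HELLO,
         decrypted=b"POST /gate HTTP/1.1\r\n\r\nEXAMPLE-C2-CHECKIN id=42"),
    Flow("http-guest-8080", "guests", 8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]


def run_policy() -> List[Tuple[str, str, str]]:
    """Evaluate every sample flow; returns (flow name, action, reason) triples."""
    return [(f.name,) + evaluate(f, POLICY) for f in SAMPLE_FLOWS]


if __name__ == "__main__":
    for name, action, reason in run_policy():
        print(f"{name:16} {action:5} {reason}")
```

Running it shows the port-based blind spot the text describes: the BitTorrent handshake on 443 is blocked by fingerprint, the employee's HTTPS session is allowed, the same kind of session is blocked once its decrypted contents hit a signature, and the guest's HTTP on an unusual port falls through to default deny because no rule grants that group that application.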
Why it matters
Traditional port-based firewalls are blind to application-layer threats. NGFWs provide deeper visibility and control, reducing the risk of advanced persistent threats and data exfiltration.