Next Generation Firewall (NGFW)

In the early days of the Internet, a firewall provided network security by filtering traffic based on service ports and IP addresses. As services grew more complex and cyberattacks more diverse, companies had to deploy multiple appliances, such as web proxy servers, Intrusion Prevention Systems (IPS) and VPN servers, to defend their networks.

In 2003, International Data Group (IDC) named the new 'all-in-one' firewalls launched by a few network security players Unified Threat Management (UTM) firewalls. Because Virtual Private Network (VPN) functionality is commonly built into the firewall, these appliances are widely known as UTM VPN firewalls.

A UTM VPN firewall typically includes, but is not limited to, the following features:

- Stateful packet inspection firewall
- Web filtering that blocks website URLs based on content classifications
- Antivirus/anti-malware to detect and block viruses hidden in web or email traffic
- Intrusion Prevention System (IPS) to detect and block malicious traffic
- Application Control to manage and block traffic based on application behaviours
- Antispam filtering to filter junk emails and phishing attempts
- Quality of Service (QoS) for traffic flow enhancements and bandwidth management
- Static/dynamic and policy routing capability
- VPN services for site-to-site connectivity and mobile VPN for road warriors

While UTM VPN firewalls provide overall network security with advanced protection options for corporations and small and medium-sized businesses (SMB), modern firewall manufacturers are integrating and enhancing even more intelligent security services in their firewall devices. This new breed of firewall is known as the Next Generation Firewall (NGFW).

An NGFW brings major improvements in the coordination and communication between the multiple services that UTM firewalls consolidated. NGFW makers also enhance and extend these capabilities by leveraging AI and cloud computing resources.

NGFW makers promote a centralized dashboard, or single pane of glass, that unifies the local and online services and gives the system administrator a clear and concise picture of network security.

Characteristics of an NGFW include:

1. Real-time, automated communication between services allows devices to be isolated and quarantined after an incident until IT can respond
2. Cloud-based sandbox technology provides quarantine and detonation of potentially harmful files
3. Everything from security policies, UTM features, user groups, access control lists, WiFi etc. can be managed through a single dashboard
4. Maintaining network performance even with multiple complex security services operating in tandem is key to NGFW
5. Integrated intrusion prevention with deep packet scanning, e.g. SSL Deep Inspection

ITWin provides a wide range of UTM VPN Firewalls and Next Generation Firewalls (NGFW) from Fortinet, SonicWall, Cisco, WatchGuard, Sangfor and Palo Alto.