NGFW vs. Traditional Firewalls

 


Traditional firewalls and NGFWs are both designed to detect and block malicious or unwanted traffic that crosses network boundaries. However, they do so at different levels of the TCP/IP network protocol stack.

Traditional firewalls operate primarily at the TCP and IP layers of the protocol stack. They restrict the types of traffic that can enter or leave their protected network by checking the IP addresses and port numbers of inbound and outbound packets. However, their inability to see the contents of network packets leaves them blind to many modern threats.



NGFWs, on the other hand, operate at the application layer of the protocol stack. Their understanding of application traffic and ability to decrypt encrypted traffic streams allow them to identify and control application traffic and block a wider range of threats. And unlike traditional firewall policies based on IP addresses and service ports, NGFWs integrate user and machine identity into security policies, which better captures business intent and provides better insight into traffic patterns within an organization.

NGFW Capabilities

As the foundation of an enterprise network security strategy, the NGFW is responsible for protecting the enterprise network from incoming threats and enforcing network segmentation, which is the cornerstone of an effective Zero Trust security strategy.

To achieve these goals, a modern NGFW must include the following core capabilities:

Application and User Control: The NGFW provides visibility into application-level network traffic and the different users on the network. This allows the NGFW to enforce granular Zero Trust access control.
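
The contrast between port-based rules and the application and user control described above, as an added example that is not part of the original post. The rule formats, the group and application names, and the default-deny fallback are assumptions made for illustration, and the flows are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    app: Optional[str] = None         # hypothetical label from application identification
    user_group: Optional[str] = None  # hypothetical label from user/machine identity mapping

# Traditional policy: source net, destination net, protocol, port, action.
L4_RULES = [("10.0.0.0/8", "0.0.0.0/0", "tcp", 443, "allow")]

# Identity- and application-aware policy: user group (None = any), application, action.
NGFW_RULES = [
    ("finance", "corp-erp", "allow"),
    (None, "file-sharing", "deny"),
    (None, "web-browsing", "allow"),
]

def l4_decision(flow: Flow) -> str:
    """Match on addresses, protocol and port only; packet contents are never seen."""
    for src, dst, proto, port, action in L4_RULES:
        if (ip_address(flow.src_ip) in ip_network(src)
                and ip_address(flow.dst_ip) in ip_network(dst)
                and (flow.proto, flow.dst_port) == (proto, port)):
            return action
    return "deny"

def ngfw_decision(flow: Flow) -> str:
    """Match on which application it is and who is using it."""
    for group, app, action in NGFW_RULES:
        if flow.app == app and group in (None, flow.user_group):
            return action
    return "deny"  # assumed default: unidentified apps and unmatched users are denied

# Constructed sample flows: all look identical to a port-based rule (10.x -> tcp/443).
FLOWS = [
    Flow("10.1.2.10", "203.0.113.20", "tcp", 443, "corp-erp", "finance"),
    Flow("10.1.2.11", "203.0.113.20", "tcp", 443, "corp-erp", "engineering"),
    Flow("10.1.2.10", "198.51.100.7", "tcp", 443, "file-sharing", "finance"),
    Flow("10.1.2.12", "198.51.100.9", "tcp", 443),  # application not identified
]

def compare():
    return [(l4_decision(f), ngfw_decision(f)) for f in FLOWS]
```

Calling `compare()` returns one (port-based, identity-aware) decision pair per flow: the port-based rule allows all four, while the identity-aware policy allows only the finance user reaching the ERP application.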

Comments

  1. An NGFW builds on the capabilities of a traditional firewall by incorporating additional features. Good Post.
