What is a Next-Generation Firewall?
Before, basic firewalling was situated in the 4th layer of the OSI model. In short, this meant the firewall was able to block or allow traffic based on the source or destination. For example, person X can browse the web, while person Y can’t or only person X can make and RDP connection to an external server.
These days there is more to the web than just web pages and browsers navigating them. We are having more and more different devices accessing the web, but also devices trying to access our network. To be able to provide secure access from and to our network, we need a firewall that understands more than just source, destination, and ports. This is where the Next Generation Firewall (NGFW) comes in, a device that is able to ‘see’ traffic up to layer 7 of the OSI model.
Detect viruses that may be hidden in normal HTTP/HTTPS traffic (and would be allowed by a traditional firewall)
Categorize the web traffic to decide if it is allowed (block/allow social media, ect... )
Block certain content on a site without blocking the site itself (advertising, plugins, etc...)
Detect manipulations to your internal servers (SQL injection, Adobe Flash vulnerabilities, etc...)