For VendorsBlog
Login

NGFW - next-generation firewall

NGFW - next-generation firewall

A next-generation firewall (NGFW) is a part of the third generation of firewall technology that is implemented in either hardware or software and is capable of detecting and blocking sophisticated attacks by enforcing security policies at the application, port and protocol levels.

NGFWs typically feature advanced functions including:

  • application awareness;
  • integrated intrusion prevention systems (IPS);
  • identity awareness -- user and group control;
  • bridged and routed modes;
  • the ability to use external intelligence sources.

Of these offerings, most next-generation firewalls integrate at least three basic functions: enterprise firewall capabilities, an intrusion prevention system (IPS) and application control.

Like the introduction of stateful inspection in traditional firewalls, NGFWs bring additional context to the firewall's decision-making process by providing it with the ability to understand the details of the web application traffic passing through it and to take action to block traffic that might exploit vulnerabilities.

The different features of next-generation firewalls combine to create unique benefits for users. NGFWs are often able to block malware before it enters a network, something that wasn't previously possible.

NGFWs are also better equipped to address advanced persistent threats (APTs) because they can be integrated with threat intelligence services. NGFWs can also offer a low-cost option for companies trying to improve basic device security through the use of application awareness, inspection services, protection systems and awareness tools.

Compare of products in the category NGFW - next-generation firewall

Please turn the screen for optimal content display

Compare: NG Firewall

Characteristics

Antivirus and antispyware functions

IDS/IPS availability

Functionalities

Bot protection

DDOS protection

Data Leak Prevention

Network behavior analysis support

Sandboxing support

Context-aware policy

Application level attacks protection (Application Intelligence)

Two-factor authentication (2FA)

Certificates based authentication

Available proxy modes

Management

Deployment options

Integrations

OS and hardware

  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • Application control
  • Decrypting SSL traffic
  • URL filtering
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • N/A
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • Decrypting SSL traffic
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • N/A
  • SSL VPN remote access
  • Application control
  • IPv4/IPv6 protocols
  • Hiding adresses with NAT
  • DHCP
  • IPSec Site to Site VPN tunnels
  • Stateful TCP/IP stack
  • URL filtering
  • Configuring static and dynamic routing
  • Application control
  • Decrypting SSL traffic
  • URL filtering
  • Reverse proxy
  • DNS proxy
  • N/A
  • Reverse proxy
  • Reverse proxy
  • N/A
  • N/A
  • N/A
  • Reverse proxy
  • DNS proxy
  • Reverse proxy
  • N/A
  • Reverse proxy
  • Reverse proxy
  • Reverse proxy
  • DNS proxy
  • Reverse proxy
  • DNS proxy
  • DNS proxy
  • Reverse proxy
  • DNS proxy
  • N/A
  • Reverse proxy
  • DNS proxy
  • DNS proxy
  • Bandwidth
  • Configuration console
  • N/A
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • N/A
  • Bandwidth
  • N/A
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • Configuration console
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • Bandwidth
  • Configuration console
  • N/A
  • Bandwidth
  • Configuration console
  • Bandwidth
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • High availability
  • N/A
  • High availability
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • Routed/Transparent mode
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • High availability
  • Virtualized environment
  • High availability
  • Routed/Transparent mode
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • N/A
  • High availability
  • Routed/Transparent mode
  • Virtualized environment
  • N/A
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • N/A
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • N/A
  • Active Directory
  • Threat Intelligence
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • N/A
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • Threat Intelligence
  • Active Directory
  • SIEM
  • IAM
  • AAA-servers
  • Network security policy management
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • Active Directory
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • N/A
  • Threat Intelligence
  • Active Directory
  • SIEM
  • AAA-servers
  • Network security policy management
  • N/A
Found mistake? Write us.

The most popular products in category NGFW - next-generation firewall All category products

Suppliers NGFW - next-generation firewall

Cisco

Cisco

Cisco Systems, Inc. is an American multinational corporation technology company headquartered in San Jose, California, that designs, manufactures and... Read more
Vendor, Supplier
Esdenera Networks

Esdenera Networks

Esdenera is dedicated to the development of new networking and security technology that is catching the pace of modern cloud-based,... Read more
Vendor, Supplier
Forcepoint

Forcepoint

Forcepoint, previously known as Websense and Raytheon|Websense, is an Austin-based company owned by US defense contractor Raytheon specializing in... Read more
Vendor, Supplier

F.A.Q about NGFW - next-generation firewall

What is a next-generation firewall (NGFW)?

An NGFW contains all the normal defences that a traditional firewall has as well as a type of intrusion prevention software and application control, alongside other bonus security features. NGFWs are also capable of deep packet inspection which enables more robust filters.

Intrusion prevention software monitors network activity to detect and stop vulnerability exploits from occurring. This is usually done by monitoring for breaches against the network policies in place as a breach is usually indicative of malicious activity.

Application control software simply sets up a hard filter for programs that are trying to send or receive data over the Internet. This can either be done by blacklist (programs in the filter are blocked) or by whitelist (programs not in the filter are blocked).

Materials