Traditional Firewall vs. Next Generation Firewall
- 1. TRADITIONAL FIREWALL VS. NEXT GENERATION FIREWALL www.router-switch.com 1
- 2. WHAT IS A TRADITIONAL FIREWALL? A traditional firewall, as it is currently defined, includes a device that is able to control the traffic that is allowed to enter or exit a point within the network. It can typically do this either using a stateless method or a stateful method depending on the type of protocol being run on it. www.router-switch.com 2
- 3. WHAT IS A NEXT GENERATION FIREWALL (NGFW)? A Next-Generation Firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Generally, there are a couple of features that are included within a NGFW offering: • Application Awareness, • Stateful Inspection, • Integrated Intrusion Protection System (IPS), • Identity Awareness (User and Group Control), • Bridged and Routed Modes, • And the ability to utilize external intelligence sources. www.router-switch.com 3
- 4. SIMILARITIES • Both of traditional firewalls and NGFWs have the same purpose– to protect an organization’s network and data assets. In terms of the software components packaged by the two, they both include some variation of the following: • Static packet filtering that blocks packets at the point of interface to a network, based on protocols, ports, or addresses • Stateful inspection or dynamic packet filtering, which checks every connection on every interface of a firewall for validity • Network address translation for re-mapping the IP addresses included in packet headers • Port address translation that facilitates the mapping of multiple devices on a LAN to a single IP address • Virtual private network (VPN) support, which maintains the same safety and security features of a private network over the portion of a connection that traverses the internet or other public network www.router-switch.com 4
- 5. DIFFERENCES • Gartner Research was one of the early champions of NGFWs, and even though the idea has been around for several years now and the need for them pressing, less than 20% of all enterprise Internet connections today are secured by them. By the end of 2014, that number was expected to rise, according to Gartner, to something nearly 35%. • Before describing the differences between traditional and next- generation, a working definition of an NGFW might be in order, and according to Gartner, that is “a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.” www.router-switch.com 5
- 6. NGFW SOLUTIONS COMPARISON Furthermore, we share you a side by side comparison of these five NGFW solutions, including Cisco, CheckPoint, Fortinet, WatchGuard and Dell. Please note that this table only includes metrics that differ between the products; for example, since all of the products have the same evasion results, that row is not included in the table below. www.router-switch.com 6
- 8. SOURCE • http://www.tomsitpro.com/articles/next-generation-firewall-vendors,2-847-2.html • http://www.mydigitalshield.com/traditional-firewalls-vs-next-generation-firewalls/ • http://www.ipwithease.com/traditional-firewall-vs-next-generation-firewall/ • https://www.volico.com/traditional-and-next-generation-firewalls-explained/ • http://www.router-switch.com/cisco-next-generation-firewalls.html www.router-switch.com 8