{"id":33947,"date":"2024-02-09T16:15:18","date_gmt":"2024-02-09T16:15:18","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=33947"},"modified":"2024-02-23T18:11:10","modified_gmt":"2024-02-23T18:11:10","slug":"what-is-a-next-generation-firewall","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/","title":{"rendered":"What Is a Next-Generation Firewall?"},"content":{"rendered":"\n<p>A next generation firewall (NGFW) performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet. This deep packet inspection provides the basis for the various NGFW features that improve malware blocking.<\/p>\n\n\n<!-- ICP Plugin: Start --><div class=\"icp-list icp-list-main icp-list-body-top3 row\">\n    \n        <!--\n            ICP Plugin - body top3\n            ----------\n            Category: \n            Country: HK\n        -->\n    <\/div>\n<!-- ICP Plugin: End -->\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6fea10e8ab\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6fea10e8ab\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#How-Next-Generation-Firewalls-Work\" title=\"How Next-Generation Firewalls Work\">How Next-Generation Firewalls Work<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#Who-Needs-a-Next-Gen-Firewall\" title=\"Who Needs a Next-Gen Firewall?\">Who Needs a Next-Gen Firewall?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#5-Primary-Features-Capabilities-of-Next-Generation-Firewalls\" title=\"5 Primary Features &amp; Capabilities of Next-Generation Firewalls\">5 Primary Features &amp; Capabilities of Next-Generation Firewalls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#Top-3-NGFW-Advantages\" title=\"Top 3 NGFW Advantages\">Top 3 NGFW Advantages<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#4-Disadvantages-of-NGFWs\" title=\"4 Disadvantages of NGFWs\">4 Disadvantages of NGFWs<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#NGFW-vs-Traditional-Firewalls-Other-Solutions\" title=\"NGFW vs Traditional Firewalls &amp; Other Solutions\">NGFW vs Traditional Firewalls &amp; Other Solutions<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#Bottom-Line-Effective-NGFW-Protection-Requires-Effective-Rules\" title=\"Bottom Line: Effective NGFW Protection Requires Effective Rules\">Bottom Line: Effective NGFW Protection Requires Effective Rules<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"How-Next-Generation-Firewalls-Work\"><\/span>How Next-Generation Firewalls Work<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Through next-generation firewalls, all information transmitted by computers through any network is broken into transmittable chunks, known as the data portion of a packet. The data is wrapped in instructions for how to deliver that data (IP address, destination port, etc.) which is known as the packet header.<\/p>\n\n\n\n<p>Data packets add header instructions classified under either the open systems interconnection (OSI) model or one of the transmission control protocol \/ internet protocol (TCP\/IP) models. All <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-firewalls\/\">firewalls<\/a> filter based on <a href=\"https:\/\/www.esecurityplanet.com\/networks\/firewall-rules\/\">rules<\/a> for network and transport layer information and many newer firewalls can also filter on the data link layer to block malicious IP addresses and URLs.<\/p>\n\n\n\n<p>The table below outlines the layer instructions added to the packet header and the associated layer according to the OSI model and each of the TCP\/IP models.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>OSI Layer&nbsp;<\/th><th>4-Layer TCP\/IP<\/th><th>5-Layer TCP\/IP<\/th><th>Layer Instructions for:<\/th><\/tr><\/thead><tbody><tr><td>7. Application<\/td><td>4. Application<\/td><td>4. Application<\/td><td>Sending and receiving application information&nbsp;<\/td><\/tr><tr><td>6. Presentation<\/td><td>4. Application<\/td><td>4. Application<\/td><td>Information on usable data formats, encryption<\/td><\/tr><tr><td>5. Session<\/td><td>4. Application<\/td><td>4. Application<\/td><td>Controlling ports and session information<\/td><\/tr><tr><td>4. Transport<\/td><td>3. Transport<\/td><td>3. Transport<\/td><td>Transmission protocol information (TCP, UDP, etc.)<\/td><\/tr><tr><td>3. Network<\/td><td>2. Internet<\/td><td>2. Network<\/td><td>Device address information between sending and receiving machines<\/td><\/tr><tr><td>2. Data Link<\/td><td>1. Link<\/td><td>2. Data Link<\/td><td>Device MAC address and network format information<\/td><\/tr><tr><td>1. Physical<\/td><td>1. Link<\/td><td>1. Physical<\/td><td>Hardware network interface card (NIC) instructions<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>NGFWs remain the only class of firewalls to filter data based on application, presentation, or session layer packet information. Additionally, they can decrypt data to examine the contents of the packets themselves for malicious content.<\/p>\n\n\n\n<p>Certain organizations are ideal candidates for a next-gen firewall, while others may prefer other types of firewalls. Factors to consider include NGFWs\u2019 features and capabilities as well as their key advantages and disadvantages.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"963\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-1024x963.png\" alt=\"How a Next Generation Firewall Filters Additional Threats\" class=\"wp-image-34177\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-1024x963.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-300x282.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-768x722.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-1536x1444.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/ESP_WhatIsANextGenerationFirewall_2024_DA_rnd3-2048x1925.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Who-Needs-a-Next-Gen-Firewall\"><\/span>Who Needs a Next-Gen Firewall?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Every organization that can afford a next generation firewall solution can benefit from the extra security provided by deep packet packet inspection. NGFW vendors used to target the largest enterprises, but most firewalls now incorporate many NGFW capabilities because of the broad benefits that satisfy the firewall needs for most situations &#8211; even for small businesses and smaller IT teams.<\/p>\n\n\n\n<p>Some organizations will possess high-speed data throughput needs that do not tolerate NGFW packet inspection delays in front of application servers, databases, etc. Yet, even these organizations will deploy NGFW elsewhere in the organization to provide general protection to users, branch offices, and applications tolerant of delays.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Who Doesn\u2019t Benefit from NGFWs?<\/h3>\n\n\n\n<p>For companies with resource constraints or specialized needs, NGFW may cost too much, deploy with excessive options, or cause too many data throughput delays. These organizations will consider <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\">different types of firewalls<\/a> that might provide a better fit.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Resource-Constrained Options<\/h4>\n\n\n\n<p>While most firewalls sold today adopt many NGFW capabilities, budget limitations may lead resource-constrained teams to seek inexpensive and reduced-feature firewalls similar in capabilities to traditional firewalls. Some organizations with IT staffing limitations may prefer to adopt a <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/firewalls-as-a-service-fwaas\/\">firewall-as-a-service<\/a> (FWaaS) solution that enables more robust capabilities in exchange for simplified options and reduced control.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Simplified Needs<\/h4>\n\n\n\n<p>Sometimes a network needs a simple firewall for network segmentation or to perform simple packet filtering for <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">network security<\/a>. The extra features and costs of NGFW will be wasted on simple tasks and a low-cost and simplified firewall provides a more appropriate solution.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">High Data Throughput Options<\/h4>\n\n\n\n<p>High data throughput needs often require multiple firewall solutions that can provide fast, packet-based filtering as a first layer of defense, followed by specialized firewalls to provide specialized defenses for <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/what-is-cloud-security\/\">cloud security<\/a>, <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-web-application-firewall-waf-vendors\/\">web applications<\/a>, databases, or containers. These organizations may still use NGFW to protect their general networks but will find the packet inspection a performance bottleneck in front of high-speed application servers.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"5-Primary-Features-Capabilities-of-Next-Generation-Firewalls\"><\/span>5 Primary Features &amp; Capabilities of Next-Generation Firewalls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Firewalls provide protective barriers and each feature enables protection against specific threats. Next generation firewalls provide five key features:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Traditional firewall features:<\/strong> Filter based on packet headers.<\/li>\n\n\n\n<li><strong>Deep packet inspection:<\/strong> Filter based on application specifics, encrypted traffic analysis, sources and destinations, and threat intelligence feed integration.<\/li>\n\n\n\n<li><strong>Network intrusion prevention:<\/strong> Monitor network traffic for potential signs of attack.<\/li>\n\n\n\n<li><strong>User aware filtering:<\/strong> Tie into active directory to modify rules by users and groups.<\/li>\n\n\n\n<li><strong>Network sandboxing:<\/strong> Test unknown files for malicious behavior in isolation.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Traditional Firewall Features<\/h3>\n\n\n\n<p>All NGFWs include the original capabilities developed for the first generations of firewalls. These packet, session, and proxy capabilities continue to provide fast filtering that free up resources for more advanced features.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Packet Filtering<\/h4>\n\n\n\n<p>Packet filtering reads the port and IP addresses in the packet header and blocks traffic based on specific firewall rules. This feature is important because it narrows the scope of potential attacks. Automatically dropping unauthorized and unwanted traffic also reduces the number of packets upon which an NGFW will need to perform deep packet inspection.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Session Filtering<\/h4>\n\n\n\n<p>Firewalls use session filtering rules to monitor established connections and block attacks using spoofed sessions. Older distributed denial of service (DDoS) attacks used malformed TCP requests to overwhelm servers and session filtering drops requests not associated with new or established sessions.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Stateful Inspection<\/h4>\n\n\n\n<p>Stateful inspection firewalls track the behavior of active network connections to detect and block potential data and traffic risks. Stateful inspection requires more memory and more time to analyze packets in the context of other data associated with specific connections.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Proxy Capabilities<\/h4>\n\n\n\n<p>Proxy capabilities allow a firewall to act as a single point of contact for sources outside of the firewall\u2019s network and the firewall will then redirect traffic to the specific assets behind the firewall. This category of capabilities can be broken into specific sub-features such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Application-level gateway (ALG):<\/strong> Enhance network address translation filtering for application-layer protocols such as FTP, BitTorrent, Telnet, etc.<\/li>\n\n\n\n<li><strong>Circuit-level gateways (CLGs):<\/strong> Provide proxy services with session filtering capabilities or simply provide session filtering depending on the setup.<\/li>\n\n\n\n<li><strong>Network address translation (NAT):<\/strong> Act as a router where only the firewall knows how to direct traffic inside the network.<\/li>\n\n\n\n<li><strong>Port address translation (PAT):<\/strong> Use port data to reroute packets to different assets such as routing data to port 587 to the email server.<\/li>\n\n\n\n<li><strong>Virtual private network (VPN):<\/strong> Enable encrypted tunnel connections between internal and external devices.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Deep Packet Inspection<\/h3>\n\n\n\n<p>Deep packet inspection considers the application layer information as well as the packet content itself to provide much more protection &#8211; often enhanced by artificial intelligence (AI) anomaly detection. Deep packet inspection enables and integrates filtering based on application awareness, encrypted data contents, malicious site awareness, and malware signatures.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Application Aware Filtering<\/h4>\n\n\n\n<p>Deep packet filtering can recognize the application, the activities of the application, and the data flowing between the application and the user device. For example, where a traditional firewall can either allow or block access to Facebook, an NGFW can allow Facebook, but block Facebook games. Risky applications can be blocked entirely and other applications can be allowed but blocked when attempting to access sensitive information or specific devices.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Encrypted Traffic Inspection<\/h4>\n\n\n\n<p>To enable deep packet inspection, NGFWs decrypt secure socket layer (SSL), secure shell (SSH), or other encrypted connections to inspect the encrypted data for signs of malicious behavior. For example, a user might click a link on a malicious email that attempts to establish an encrypted HTTPS connection to download malware. The NGFW will decrypt the data, detect the malicious content and block it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Source &amp; Destination Aware Filtering<\/h4>\n\n\n\n<p>NGFWs check the sources and destinations of each traffic connection using both the header information as well as decrypted traffic information. URL, website, or IP address filtering is applied to block known bad connections. Suspected bad or anomalous traffic can be temporarily blocked or flagged as suspicious for security teams.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"text-transform:none\">Threat Intelligence Feeds<\/h4>\n\n\n\n<p>Threat intelligence feeds provide lists of malicious IP addresses, malware signatures, and other threat indicators to enable the NGFW to rapidly detect threats and prevent attacks. NGFW will typically integrate the firewall vendor\u2019s threat intelligence feed, but some buyers will also want an NGFW that can incorporate a variety of threat feeds for enhanced detection.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Network Intrusion Prevention System (IPS)<\/h3>\n\n\n\n<p>Although typically associated with protecting data flowing between the corporate network and the outside world, NGFW also can monitor traffic flowing within the network for signs of attack. Some NGFW can challenge the capabilities of standalone IPS appliances, but before replacing IPS systems, test the NGFW capabilities under realistic threat and load conditions. Overtaxed NGFW can create bottlenecks or cause traffic delays.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">User Aware Filtering<\/h3>\n\n\n\n<p>NGFW can integrate with IT user directories (EX: Active Directory) and alter firewall rules based upon users and user groups. For example, file sharing sites and applications may be permitted for the marketing department but blocked for the research and development department. While very powerful, this feature depends upon accurate group assignments in the directory.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Network Sandboxing<\/h3>\n\n\n\n<p>Some NGFW provide network or cloud sandboxes in which suspicious files may be opened and tested on an isolated virtual machine. Sandboxing often will be offered as an add-on subscription and provides a good resource to internal security teams. However, keep in mind that some malware can test for a security environment prior to executing malicious behavior so some sandbox results could be inaccurate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Top-3-NGFW-Advantages\"><\/span>Top 3 NGFW Advantages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The deep packet inspection of NGFW provides three key advantages for improving security, enhancing control, and reducing complexity.<\/p>\n\n\n\n<p><strong>Enhanced security<\/strong> results from the deep inspection of sources, destinations, and traffic. NGFW blocks known malicious sources or destinations and filters out any detected malware. While this sounds simple, malware blocking requires the execution of multiple analysis techniques and improved security will be the primary motivator for NGFW purchases.<\/p>\n\n\n\n<p><strong>Enhanced control<\/strong> stems from improved user, device, and application awareness and tracking as well as from centralized management. Enhanced firewall capabilities understand deeper contexts and normal behavior to detect and block abnormal or malicious behavior. Centralized management also enables a smaller team to maintain and monitor network security.<\/p>\n\n\n\n<p><strong>Reduced complexity<\/strong> can result when NGFWs replace other security solutions such as dedicated network IPS solutions. A single, centrally managed solution can reduce training, installation, and update requirements compared to many different security solutions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"4-Disadvantages-of-NGFWs\"><\/span>4 Disadvantages of NGFWs<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Powerful NGFWs provide valuable benefits, but also introduce tradeoffs for performance, budgets, and configuration and attack risks.<\/p>\n\n\n\n<p><strong>Slowed traffic<\/strong> results from the deep packet inspection. For each security check applied to the packet, a microsecond of delay adds on to the packet transmission speed. The robust security of a large number of inspections comes with the tradeoff of slowed data throughput.<\/p>\n\n\n\n<p><strong>Increased deployment costs<\/strong> stem from the increased NGFW capabilities. Each additional feature delivers a number of options to select and integrations to manage which will take time and expertise &#8211; which adds expense.<\/p>\n\n\n\n<p><strong>Increased misconfiguration risk<\/strong> also originates from the increased NGFW capabilities. Each option on each feature provides an opportunity for a mistake or inadvertent conflicts. The increased complexity will require increased testing to verify correct setup.<\/p>\n\n\n\n<p><strong>Consolidated attack risk<\/strong> naturally arises when NGFWs replace other security solutions. The full protection burden falls upon the NGFW solution which becomes a single point of failure. For example, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that centralized encryption inspection provides a centralized target for attack and <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2017\/03\/16\/https-interception-weakens-tls-security\" target=\"_blank\" rel=\"noreferrer noopener\">can weaken security<\/a> for encrypted communication.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"NGFW-vs-Traditional-Firewalls-Other-Solutions\"><\/span>NGFW vs Traditional Firewalls &amp; Other Solutions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>NGFW enhances security compared to most other <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\">types of firewalls<\/a> but will not be the best solution for all traffic filtering needs. Additionally, NGFW typically replaces a traditional firewall in a traditional castle-and-moat security model which may not be the best solution for the protection of modern IT infrastructure.<\/p>\n\n\n\n<p>In general, an NGFW provides the best security option. However, here is a brief list of other technologies and when they provide a better fit:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Traditional firewalls:<\/strong> Provide lower cost options for simple and fast data filtering.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/unified-threat-management-vendors\/\"><strong>Unified threat management<\/strong><\/a><strong> (UTM):<\/strong> Supply low-cost all-in-one security solutions.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/top-web-application-firewall-waf-vendors\/\"><strong>Web application firewalls<\/strong><\/a><strong> (WAF):<\/strong> Deliver high-speed specialty protection for apps.<\/li>\n\n\n\n<li><strong>Database firewalls:<\/strong> Maintain high-speed and specialized filtering for <a href=\"https:\/\/www.esecurityplanet.com\/products\/database-security-tools\/\">database security<\/a>.<\/li>\n\n\n\n<li><strong>Cloud firewalls:<\/strong> Preconfigure NGFW capabilities into <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/what-is-cloud-security\/\">cloud-security<\/a>-optimized firewalls.<\/li>\n\n\n\n<li><strong>Container firewalls:<\/strong> Enable code-launchable and specialized <a href=\"https:\/\/www.esecurityplanet.com\/applications\/container-security\/\">container security<\/a>.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/cloud\/firewalls-as-a-service-fwaas\/\"><strong>Firewall-as-a-service<\/strong><\/a><strong> (FWaaS):<\/strong> Provide cloud-hosted and scalable NGFW as a service.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/secure-web-gateway-vendors\/\"><strong>Secure web gateways<\/strong><\/a><strong> (SWG):<\/strong> Enable malware protection for local and remote assets.<\/li>\n\n\n\n<li><strong>Secure service edge (SSE):<\/strong> Extends NGFW capabilities and more to remote assets.<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/www.esecurityplanet.com\/products\/secure-access-service-edge-sase\/\">Secure access service edge<\/a> (SASE):<\/strong> Combine SSE and network operations.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\"><strong>Zero trust<\/strong><\/a><strong> network access (ZTNA):<\/strong> Add <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-iam-software\/\">identity and access management<\/a> (IAM) to NGFW capabilities for both local and remote assets.<\/li>\n<\/ul>\n\n\n\n<p>When comparing solutions, make sure to examine the details. Some features will require add-on subscriptions and not all features will be equivalent &#8211; or necessary. For example, some NGFW support as many as 5,000 applications and others as few as 800. However, if you only need the apps within the 800, you don\u2019t need to pay a premium to support a full 5,000 features.<\/p>\n\n\n\n<p>Also be sure to consider automation, AI assists, and reporting features in the solution. The modern enterprise will often be resource constrained and also have many different compliance requirements. Automation and AI can help smaller teams to accomplish more and reporting can remove some compliance burdens.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Effective-NGFW-Protection-Requires-Effective-Rules\"><\/span>Bottom Line: Effective NGFW Protection Requires Effective Rules<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Next generation firewalls often provide the best option for network defense. NGFW can also provide effective cloud security, multiple branch office security, or even FWaaS capabilities when deployed as a virtual device. However, all firewalls, even NGFWs, depend upon proper setup to provide effective protection and one misconfigured or bad firewall rule can cripple even the most powerful security function.<\/p>\n\n\n\n<p><strong>As a first step to deploy an effective NGFW, learn about the <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">best NGFW solutions<\/a>. In the article, you\u2019ll find their use cases, pricing, top features, and more so you can choose the best option for you.<\/strong><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6fea0d5fdf-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6fea0d5fdf\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6fea0d5fdf\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6fea0d5fdf\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6fea0d5fdf\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6fea0d5fdf\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6fea0d5fdf\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.<\/p>\n","protected":false},"author":271,"featured_media":33948,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[3414,6445,30582],"b2b_audience":[],"b2b_industry":[],"b2b_product":[395],"class_list":["post-33947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-network-security","tag-next-generation-firewall","tag-ngfw","b2b_product-firewalls-and-intrusion-prevention-and-detection"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What Is a Next-Generation Firewall?<\/title>\n<meta name=\"description\" content=\"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is a Next-Generation Firewall?\" \/>\n<meta property=\"og:description\" content=\"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-09T16:15:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-23T18:11:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Chad Kime\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chad Kime\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\"},\"author\":{\"name\":\"Chad Kime\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\"},\"headline\":\"What Is a Next-Generation Firewall?\",\"datePublished\":\"2024-02-09T16:15:18+00:00\",\"dateModified\":\"2024-02-23T18:11:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\"},\"wordCount\":2348,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png\",\"keywords\":[\"network security\",\"next generation firewall\",\"ngfw\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\",\"name\":\"What Is a Next-Generation Firewall?\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png\",\"datePublished\":\"2024-02-09T16:15:18+00:00\",\"dateModified\":\"2024-02-23T18:11:10+00:00\",\"description\":\"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: Who is Danny\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What Is a Next-Generation Firewall?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9\",\"name\":\"Chad Kime\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg\",\"caption\":\"Chad Kime\"},\"description\":\"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What Is a Next-Generation Firewall?","description":"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/","og_locale":"en_US","og_type":"article","og_title":"What Is a Next-Generation Firewall?","og_description":"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/","og_site_name":"eSecurity Planet","article_published_time":"2024-02-09T16:15:18+00:00","article_modified_time":"2024-02-23T18:11:10+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png","type":"image\/png"}],"author":"Chad Kime","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Chad Kime","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/"},"author":{"name":"Chad Kime","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9"},"headline":"What Is a Next-Generation Firewall?","datePublished":"2024-02-09T16:15:18+00:00","dateModified":"2024-02-23T18:11:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/"},"wordCount":2348,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png","keywords":["network security","next generation firewall","ngfw"],"articleSection":["Networks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/","url":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/","name":"What Is a Next-Generation Firewall?","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png","datePublished":"2024-02-09T16:15:18+00:00","dateModified":"2024-02-23T18:11:10+00:00","description":"Next-generation firewalls combine traditional firewalls with other packet filtering functions. Discover how they work and if you should deploy one on your network.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/02\/esp_20240208-what-is-a-next-generation-firewall.png","width":1400,"height":900,"caption":"Image: Who is Danny\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-next-generation-firewall\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"What Is a Next-Generation Firewall?"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/86e8ee2d3bc71af07dbe303d16f17dc9","name":"Chad Kime","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/08\/2023-Kime-HeadShot-150x150.jpg","caption":"Chad Kime"},"description":"eSecurity Planet lead writer Chad Kime covers a variety of security, compliance, and risk topics. Before joining the site, Chad studied electrical engineering at UCLA, earned an MBA from USC, managed 200+ ediscovery cases, and helped market a number of IT and cybersecurity products, then transitioned into technical writing policies and penetration test reports for MSPs and MSSPs. In his free time, Chad enjoys walks on the beach with his wife, annoying his children, and trying to carve out time for movies, books, video games, and bike rides.","url":"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/33947"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=33947"}],"version-history":[{"count":3,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/33947\/revisions"}],"predecessor-version":[{"id":34179,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/33947\/revisions\/34179"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/33948"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=33947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=33947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=33947"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=33947"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=33947"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=33947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}