Next-Generation Firewall (NGFW)
What is Next-Generation Firewall (NGFW)?
Next-Generation Firewall (NGFW)An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies.
A next-generation firewall (NGFW) extends traditional port-and-protocol filtering with deep packet inspection, application identification (App-ID), user identification, integrated intrusion prevention, and threat-intelligence feeds. NGFWs decrypt TLS to apply policy to encrypted flows and consume URL-categorization, malware-signature, and reputation data to block known-bad traffic. Common vendors include Palo Alto Networks, Fortinet, and Cisco; many deliver the same engine as a cloud-delivered service inside a SASE stack. Effective deployment requires careful TLS decryption design (privacy, performance, certificate handling), tuning of application and IPS rules, and visibility into east-west traffic — not just the perimeter.
● Examples
- 01
A Palo Alto NGFW blocking BitTorrent regardless of port using App-ID.
- 02
An NGFW decrypting outbound TLS and quarantining a download flagged by its built-in IPS.
● Frequently asked questions
What is Next-Generation Firewall (NGFW)?
An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies. It belongs to the Network Security category of cybersecurity.
What does Next-Generation Firewall (NGFW) mean?
An advanced firewall that combines stateful inspection with application awareness, integrated IPS, user-identity controls, and TLS inspection to enforce richer policies.
How do you defend against Next-Generation Firewall (NGFW)?
Defences for Next-Generation Firewall (NGFW) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Next-Generation Firewall (NGFW)?
Common alternative names include: NGFW.