A next-generation firewall (NGFW) is a deep-filtering firewall integrated with an intrusion detection system (IDS) or intrusion prevention system (IPS) and able to control and block traffic at the application level.
NGFWs also enable microsegmentation of the network based on applications, not just ports and IP addresses. They usually ship as standalone appliances, but next-generation firewalls are also available as virtual machines or as cloud services.
Gartner characterizes NGFW solutions as having:
- All standard firewall features;
- Bump-in-the-wire capability (quick integration into existing infrastructure);
- Built-in IDS or IPS;
- The ability to analyze traffic and apply security policies at the individual application level;
- The ability to receive threat intelligence from external sources;
- The ability to add new security features as necessary.
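The application-level control and application-based microsegmentation described above, as an added example that is not part of the original entry: a toy policy engine that evaluates the same flow under a port-based rule and under an NGFW-style application-aware rule. The zone names, rules and flows are constructed for illustration, and the application label stands in for what a real NGFW derives from protocol decoding.

```python
# Added example, not from the original entry: contrasts port-based filtering with
# the application-level control and microsegmentation an NGFW applies.
# Zones, rules and flows are constructed for illustration.
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Flow:
    src_zone: str   # microsegment the flow originates in
    dst_zone: str   # microsegment it is heading to
    dst_port: int   # transport-layer destination port
    app: str        # application identified by deep inspection, e.g. "ssh", "https"

# Classic rule: (src_zone, dst_zone, dst_port, action). Whatever runs on tcp/443 passes.
PORT_RULES: List[Tuple[str, str, int, str]] = [
    ("users", "dmz", 443, "allow"),
]

# NGFW rule: (src_zone, dst_zone, app, action). The identified application, not the
# port, decides; first match wins and an unmatched flow is denied by default.
APP_RULES: List[Tuple[str, str, str, str]] = [
    ("users", "dmz", "https", "allow"),
    ("users", "dmz", "ssh", "deny"),
]

def port_based_decision(flow: Flow) -> str:
    """Port filter: matches on zones and destination port only."""
    for src, dst, port, action in PORT_RULES:
        if (src, dst, port) == (flow.src_zone, flow.dst_zone, flow.dst_port):
            return action
    return "deny"

def app_aware_decision(flow: Flow) -> str:
    """NGFW-style filter: matches on zones and the identified application."""
    for src, dst, app, action in APP_RULES:
        if (src, dst, app) == (flow.src_zone, flow.dst_zone, flow.app):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed flows: genuine HTTPS, and SSH running on port 443, which a
    # port-only rule cannot tell apart from HTTPS but an application rule can.
    https = Flow("users", "dmz", 443, "https")
    ssh_on_443 = Flow("users", "dmz", 443, "ssh")
    for f in (https, ssh_on_443):
        print(f"{f.app:<6} port-based: {port_based_decision(f):<5} "
              f"app-aware: {app_aware_decision(f)}")
```

Running the block shows the port-based rule allowing both flows while the application-aware rule allows only the HTTPS flow.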
NGFW versus UTM
An alternative to a next-generation firewall is unified threat management (UTM), an all-in-one gateway that combines the functions of several security products to provide comprehensive protection against network threats. Historically, UTM gateways have tended to offer more security features than NGFWs, with lower performance as the price of doing so many jobs at once. As the two technologies develop, however, the boundary between them is becoming blurred.