Dell SonicWALL - A Next-Generation Firewall
- Jun 11, 2015
A Next-Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS), and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration (e.g. Active Directory).
NGFWs include the typical functions of traditional firewalls, such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to cover more layers of the OSI model so that network traffic can be filtered based on packet contents.
NGFWs perform deeper inspection than the stateful inspection performed by first- and second-generation firewalls. They inspect the payload of packets and match signatures for harmful activity such as known vulnerabilities, exploit attacks, viruses and malware.
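The difference between a port-based decision and a payload-based one can be shown in a few lines. This is an added example, not code from the original post or from any SonicWALL product; the signatures, the policy table and the sample flows are constructed for illustration, and a real DPI engine reassembles streams and uses far richer signatures.

```python
import re
from dataclasses import dataclass

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    payload: bytes  # first bytes of client-to-server data

# Traditional rule set: the decision uses header fields only (here, the port).
ALLOWED_PORTS = {80, 443}

def port_filter(flow: Flow) -> str:
    return "allow" if flow.dport in ALLOWED_PORTS else "deny"

# Constructed application signatures, matched on payload regardless of port.
APP_SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),                      # SSH version banner
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),   # TLS record + ClientHello
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
]

# Hypothetical policy: which application is permitted on which port.
APP_POLICY = {("http", 80), ("tls", 443)}

def identify_app(payload: bytes) -> str:
    for name, pattern in APP_SIGNATURES:
        if pattern.match(payload):
            return name
    return "unknown"

def app_aware_filter(flow: Flow) -> str:
    if port_filter(flow) == "deny":
        return "deny"
    return "allow" if (identify_app(flow.payload), flow.dport) in APP_POLICY else "deny"

# Constructed sample flows: TLS on 443, SSH tunnelled over 443, HTTP on 80.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
    Flow("10.0.0.6", "203.0.113.20", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    Flow("10.0.0.7", "203.0.113.30", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f.dport, identify_app(f.payload), port_filter(f), app_aware_filter(f))
```

The second flow is the interesting one: the port rule allows it because it targets tcp/443, while the payload check identifies SSH and denies it.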
Gartner defines an NGFW as "a wire-speed integrated network platform that performs deep inspection of traffic and blocking of attacks." At minimum, Gartner states an NGFW should provide:
• Non-disruptive in-line bump-in-the-wire configuration
• Standard first-generation firewall capabilities, e.g., network-address translation (NAT), stateful protocol inspection (SPI) and virtual private networking (VPN), etc.
• Integrated signature-based IPS engine
• Application awareness, full stack visibility and granular control
• Capability to incorporate information from outside the firewall, e.g., directory-based policy, blacklists, whitelists, etc.
• Upgrade path to include future information feeds and security threats
• SSL decryption to enable identifying undesirable encrypted applications