An integrated network platform that combines a traditional firewall with other network device filtering functionalities such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS) and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration (i.e. Active Directory).
Your network is full of applications you cannot identify nor control with your port-based firewall. File sharing, social networking, personal email, and streaming media are just a few of the applications that can evade your firewall by hopping ports, using SSL, or non-standard ports. Your employees are using these applications — legitimately in many cases — to do their jobs. Blocking the applications outright may hurt your bottom-line, but blindly allowing them invites business and security risks.
Using a next-generation firewall, you can strike the right balance between blocking all personal-use applications and allowing all of them. Secure application enablement begins with knowing exactly which applications are being used and by whom. This information allows you to create effective firewall-control policies that extend well beyond the traditional 'allow or deny' approach. The final component of our solution is giving you the ability to securely enable applications without degrading your firewall's performance.
Secure application enablement requires a systematic approach that begins with learning which applications are traversing your network, who is using each application, and the types of threats the applications might carry.
The firewall is the only place where all traffic passes through, which makes it the ideal location for controlling applications, users and content. With the new, deeper understanding of your network traffic provided by our firewalls, your security team can quickly deploy application enablement policies that extend beyond "allow or deny." Examples include:
These are just a few of the ways you will benefit from the secure application enablement policy approach of next-generation firewalls.
Identifying and controlling applications, while scanning them for threats, is a computationally intensive process that can crush most server-based platforms. NGFW addresses these performance challenges using a unique combination of function-specific processing for Networking, Security, Content inspection and Management.