Next-generation firewalls are a class of firewall, implemented in either software or hardware, that can detect and block complicated attacks by enforcing security measures at the protocol, port and application level. The difference between a standard firewall and a next-generation firewall is that the latter performs a more in-depth inspection, and does so in smarter ways.
Next-generation firewalls are expected to provide the following:
- All traditional firewall capabilities.
- Identification of undesired encrypted applications with the help of SSL decryption.
- Granular control and application awareness.
- Continuous service when deployed in an in-line, bump-in-the-wire configuration.
- Integrated prevention techniques against network intrusions.
- The capability to use intelligence to improve blocking decisions.
- An integrated, signature-based intrusion prevention engine.