Next Generation Firewalls Offered and Running
Network World, a leader in intelligence, information, and insight for network professionals, named the development of a next-generation firewall as one of its top priorities for 2011. Fast forward two years, and the industry news website is still paying close attention to the technology. When the article was published, adoption of the technology was only 1%. Adoption is expected to increase to 35% by 2014.
Network World originally focused its attention on next-generation firewalls because a new approach was needed to understand the network security goals associated with firewalls.
What is the difference between a regular firewall and a next-generation firewall?
Fortinet and other vendors agree on the following points.
It prioritizes the creation and maintenance of controls that govern how employees access the Internet, social networking sites, and the Web. It can stop employees from posting to time-wasting sites like Facebook.
Next-generation firewalls are not port-based, as traditional firewalls are.
Next-generation firewalls are smarter and more efficient than their predecessors. They can use technologies such as reputation filtering. They can also "integrate" with Active Directory for policy management and identity management.
It allows business owners to "establish an identity-based application usage policy."
These systems can integrate VPN capabilities.
It can scan traffic up to the application layer with the goal of preventing intrusions.
It gives users a clear view of their network activity and bandwidth consumption. It allows users to "manage priority or bandwidth-related application controls."
Are they as popular as expected?
Network World stated in a follow-up article that the firewall technology was indeed "off to a good start". Fortinet was listed as one of the three top providers. When compared to other providers, Fortinet's FortiGate next-generation firewall scored high marks for its management interface, usability, and performance.
Fortinet's next-generation firewall is notable for its rule-writing capabilities, which allow rules to reference IP addresses as well as geography. FortiGate also offers a "slick rate based" policy feature that is designed to protect against denial-of-service attacks.
How do they integrate with application controls?
This varies from vendor to vendor, and it is an important point of differentiation between product offerings. Fortinet takes a single, unified approach to this problem: it has one rule set for all. Network World found that this method is not only the most intuitive and user-friendly from a security perspective but also the most powerful. Traffic is allowed to flow only when the attributes match, and rules with and without Application Controls can be interleaved.
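The single-rule-set idea can be modeled as follows. This is an added example, not FortiGate syntax or code from Network World or Fortinet: the rule names, group names, application labels, the placeholder country code XX, and the first-match and default-deny behavior are all assumptions made for illustration.

```python
from dataclasses import dataclass, fields
from typing import Optional

@dataclass(frozen=True)
class Flow:
    user_group: str    # identity, e.g. resolved through a directory lookup
    dst_port: int
    app: str           # application label assigned by traffic inspection
    dst_country: str

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    user_group: Optional[str] = None   # None means "not constrained"
    dst_port: Optional[int] = None
    app: Optional[str] = None
    dst_country: Optional[str] = None

    def matches(self, flow: Flow) -> bool:
        # Every attribute the rule sets must equal the flow's value.
        return all(getattr(self, f.name) in (None, getattr(flow, f.name))
                   for f in fields(flow))

def evaluate(rules, flow):
    """First matching rule wins; no match means deny (both are assumptions)."""
    for rule in rules:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"

# Constructed rule set: rules with and without an application attribute, interleaved.
UNIFIED = [
    Rule("no-facebook-posting", "deny", app="facebook-post"),
    Rule("marketing-facebook", "allow", user_group="marketing", app="facebook"),
    Rule("facebook-everyone-else", "deny", app="facebook"),
    Rule("geo-block", "deny", dst_country="XX"),   # XX = placeholder country code
    Rule("web-out", "allow", dst_port=443),        # plain port rule, no app control
]
# A traditional port-based policy sees only the port.
PORT_ONLY = [Rule("web-out", "allow", dst_port=443)]

if __name__ == "__main__":
    for flow in (Flow("marketing", 443, "facebook", "US"),
                 Flow("engineering", 443, "facebook", "US"),
                 Flow("marketing", 443, "facebook-post", "US"),
                 Flow("engineering", 443, "web-browsing", "XX")):
        print(flow, evaluate(UNIFIED, flow), evaluate(PORT_ONLY, flow)[0])
```

All four sample flows use port 443, so the port-only policy allows every one of them, while the unified rule set separates them by identity, application, and geography.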