Next Generation Firewalls: Off and Running

Network World, a leading source of intelligence, information and insight for network professionals, identified the development of the next-generation firewall among its top priorities for 2011. Fast forward two years, and the industry news site is still paying attention to the technology. Adoption of the technology was at 1% when the article was first published. It is predicted to rise to 35% in 2014.

Network World initially focused on next-generation firewalls because they called for a different approach to understanding the network security goals associated with firewalls.

What makes a next-generation firewall different from a regular firewall?

Fortinet and other vendors agree on the following:

  1. It gives priority to the establishment and maintenance of controls over how employees can access the Internet, the Web, or social networking sites. It can prevent employees from posting to time-wasting websites like Facebook.

  2. A next-generation firewall isn't port-based like a traditional firewall.

  3. Next-generation firewalls are more intelligent and faster than previous generations. They can also leverage technologies like reputation filtering. Additionally, they can "integrate" with Active Directory for identity management and policy management.

  4. It allows business owners to "establish and enforce identity-based application usage policies."

  5. VPN capabilities can be integrated into these systems.

  6. It can scan traffic up to the application layer in order to prevent intrusions.

  7. It provides users with a transparent view of their network activity and bandwidth usage. Users can "manage priority and bandwidth-related application controls."

Are they taking off as predicted?

Network World said in a follow-up article that the firewall technology had indeed gotten "off to a good start". Fortinet was cited as one of three leading providers. Fortinet's FortiGate next-generation firewall, which scored major points for its management interface and usability, was the best performer when the providers were compared against one another.

Fortinet's next-generation firewall is also notable for its rule-writing capabilities. Rules can reference IP addresses in addition to geography. FortiGate also has a "slick rate-based" policy feature, which is intended to prevent denial-of-service attacks, the comparative research revealed.

How can they be integrated with application controls?

This varies from vendor to vendor, and it is an important point of differentiation between product offerings. Fortinet has a single approach to this problem. It applies a single rule to all. Network World found this method to be not only the most user-friendly and intuitive from a security point of view, but also potentially the most powerful. It allows traffic to flow only when the attributes match. "It allows you to interleave rules with or without application controls."