Next-Gen Firewalls 101: Not Just a Buzzword

In a rare twist, "next-gen" isn't just marketing-speak when it comes to next-gen firewalls, which function differently than traditional gear and may enable you to replace a variety of devices.

(image by knssr, via Adobe Stock)

In a marketing world that sees words and phrases like "new," "improved," and "next-generation" thrown around like New Year's confetti, is the "next-gen firewall" label meaningful or just more marketing blather? Perhaps surprisingly, next-gen firewalls are different than classic firewalls in substantial ways -- ways that you should know about when looking at all the marketing language that does float around the security industry.

States and Deep Packets

The first significant difference between the two types of firewalls lies in how they evaluate traffic. Most traditional firewalls are "stateful" firewalls, while next-gen devices tend to do some form of deeper packet inspection. So what does that really mean?

A stateful firewall looks at the state of a particular connection: The protocol it uses, the port over which it is communicating, and whether it conforms to specific rules established by the firewall admin. The great advantage of stateful firewalls is that they can handle a high traffic volume with limited CPU power, because the go/no-go decision is being made once per connection. Once a connection is permitted, it's permitted as long as the connection is maintained. Deeper packet inspection requires more from the firewall.

Where stateful firewalls tend to focus on the "wrapper" for a connection, deep packet inspection pays attention to the connection's contents. A next-gen firewall can look not only at the protocol, source, and destination, but at whether the packets are ..
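The contrast between the two approaches is easiest to see in a small model. The following is an added example, not code from the article or from any vendor's product: a simplified stateful filter that evaluates its rules once per connection and then answers from a state table, next to an inspecting filter that reuses the same state handling but also checks every packet's payload against what the destination port is supposed to carry. The packet layout, the rule set, the port-80 "looks like HTTP" check, and the sample flow are all constructed for illustration.

```python
"""Constructed model of a stateful firewall versus a content-inspecting one.

Shows why the stateful go/no-go decision is cheap (one rule evaluation per
connection, then table lookups) and why deeper inspection costs more (work on
every packet of a permitted connection). Hypothetical code, not any vendor's.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    syn: bool = False        # first packet of a TCP connection
    payload: bytes = b""


# Admin rules: (protocol, destination port) pairs that may be opened. Constructed.
ALLOW_RULES = {("tcp", 80), ("tcp", 443)}

# What the inspecting device expects to see inside packets on a given port.
# Only port 80 is modelled here: payloads must look like an HTTP request line.
EXPECTED_CONTENT = {
    80: re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n"),
}


class StatefulFirewall:
    """Decides once per connection; later packets of a tracked flow pass on a lookup."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()    # tracked flows (simplified to a 4-tuple)
        self.rule_evaluations = 0   # counts the comparatively expensive rule checks

    def _key(self, p):
        return (p.src, p.dst, p.dport, p.proto)

    def allow(self, p):
        key = self._key(p)
        if key in self.connections:
            return True                 # state-table hit: no rule evaluation at all
        if not p.syn:
            return False                # mid-stream packet for a connection we never saw open
        self.rule_evaluations += 1
        if (p.proto, p.dport) in self.rules:
            self.connections.add(key)   # permitted once, permitted for the life of the flow
            return True
        return False


class InspectingFirewall(StatefulFirewall):
    """Same wrapper checks, plus a look at the contents of every permitted packet."""

    def __init__(self, rules):
        super().__init__(rules)
        self.payload_inspections = 0

    def allow(self, p):
        if not super().allow(p):
            return False
        self.payload_inspections += 1   # paid on every packet, not once per flow
        expected = EXPECTED_CONTENT.get(p.dport)
        if p.payload and expected and not expected.match(p.payload):
            # Traffic on port 80 that is not HTTP: drop it and forget the connection,
            # so the rest of the flow is refused as well.
            self.connections.discard(self._key(p))
            return False
        return True


def run(flow):
    """Feed one flow through both devices.

    Returns (stateful verdicts, inspecting verdicts, rule evaluations, payload inspections).
    """
    sf, nf = StatefulFirewall(ALLOW_RULES), InspectingFirewall(ALLOW_RULES)
    s_verdicts = [sf.allow(p) for p in flow]
    n_verdicts = [nf.allow(p) for p in flow]
    return s_verdicts, n_verdicts, sf.rule_evaluations, nf.payload_inspections


# Constructed flow: a connection opens to port 80, carries one HTTP request, then
# carries something that is plainly not HTTP on the same connection, then more HTTP.
SAMPLE_FLOW = [
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", syn=True),
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", payload=b"GET /index.html HTTP/1.1\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", payload=b"SSH-2.0-ExampleClient\r\n"),
    Packet("10.0.0.5", "192.0.2.10", 80, "tcp", payload=b"GET /next HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    print(run(SAMPLE_FLOW))
```

Running it, the stateful device evaluates its rules exactly once and then passes all four packets, because the wrapper (TCP to port 80, allowed by rule) never changes. The inspecting device does the same single rule evaluation but also inspects three payloads, refuses the non-HTTP packet, and, having torn the connection down, refuses the HTTP request that follows it. That extra per-packet work is the cost the article refers to when it says deeper inspection requires more from the firewall.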
