Next Generation Firewall (NGFW): we’ve all heard this often-used (maybe overused) term, but what does it mean? What do you get if you have one, and how do you get it? All great questions that beg to be answered.
Network security is a wide topic that can range from A to Z, including antimalware, identity management, access controls, etc. It hasn’t always been this way. 10 years ago, most organizations put up a port-filtering edge firewall and considered themselves secure.
While network security has evolved to encompass over a dozen other topics, the edge firewall remains a core component of any network security strategy. In addition to IP and port filtering at Layers 3-4, the role of the edge firewall + NGFW has expanded to perform inspection and enforcement across Layers 3-7, and it can do things like URL filtering, application visibility and malware/IPS protection.
What this means for most organizations is that you will gain visibility into what type of traffic or application is going to and from the Internet, and who is using up all that bandwidth.
Here is a dashboard view showing you at a glance what’s going through your NGFW.
You can change the date range from 1 hour to 1 year, giving you the option to compare current traffic to historical trends.
And, more importantly, what your NGFW has detected and protected you from.
What could have taken hours or days to track down now takes a click: you can find out which hosts on your network deserve a closer look.
Even if you subscribe to a laissez-faire approach and don’t wish to be aware of such ugliness potentially going through your NGFW, you can set your configuration to meet your corporate policy and take solace in the fact that you are well protected by the latest industry-leading NGFW solution available.
Cisco’s NGFW comes either as a module that adds onto the functionality of an ASA 55XX series or combined in the new 21XX/41XX Firepower appliances. So, if you are looking to extend the life of your 2-year-old firewall, the module add-on is a great way to do that. For high performance requirements (multi-gig), you should be looking at the 21XX/41XX appliances.
For more information about model performance, read this. https://www.cisco.com/c/dam/en/us/products/collateral/security/asa-firepower-services/at-a-glance-c45-732426.pdf
Written By: John Li, LookingPoint Principal Network Architect - CCNP