

Aug 30
What is a Next Generation Firewall?
Posted by John Li

Next Generation Firewall (NGFW): we’ve all heard this often-used (maybe overused) term, but what does it mean? What do you get if you have one, and how do you get it? All great questions that beg to be answered.

Network security is a wide topic that can range from A to Z, including antimalware, identity management, access controls, etc. It hasn’t always been this way: 10 years ago, most organizations put up a port-filtering edge firewall and considered themselves secure.

While network security has evolved to encompass over a dozen other topics, the edge firewall remains a core component of any network security strategy. In addition to IP and port filtering at Layers 3-4, the role of the edge firewall with NGFW has expanded to perform inspection and enforcement across Layers 3-7, and it can do things like URL filtering, application visibility and malware/IPS protection.

What this means for most organizations is that you will gain visibility into what type of traffic or application is going to and from the Internet, and who is using up all that bandwidth.

Here is a dashboard view showing you at a glance what’s going through your NGFW:

NGFW Dashboard.png

You can change the date range from 1 hour to 1 year, giving you the option to compare current traffic to historical trends.

NGFW date range.png

And, more importantly, what your NGFW has detected and protected you from:

NGFW Protection Analytics.png

What could have taken hours or days to track down, you can now find with a click: which hosts on your network deserve a closer look.

Even if you subscribe to a laissez-faire approach and don’t wish to be aware of such ugliness potentially going through your NGFW, you can set your configuration to meet your corporate policy and take solace in knowing that you are well protected by the latest industry-leading NGFW solution available.

NGFW Configuration.png

Cisco’s NGFW comes either as a module that adds onto the functionality of an ASA 55XX series, or combined in the new 21XX/41XX Firepower appliances. So, if you are looking to extend the life of your 2-year-old firewall, then the module add-on is a great way to do that. For high performance requirements (multi-gig), you should be looking at the 21XX/41XX appliances.

For more information about model performance, read this: https://www.cisco.com/c/dam/en/us/products/collateral/security/asa-firepower-services/at-a-glance-c45-732426.pdf

Written By: John Li, LookingPoint Principal Network Architect - CCNP 
