SymQuest Blog

What is a Next-Generation Firewall?

February 12, 2020 - IT Security, Security

What is a Next-Generation Firewall?
Kevin Davis

Posted by Kevin Davis

The term “Next Generation Firewall” refers to a critical category of office security technology. But the term’s specific meaning is ambiguous because it varies from manufacturer to manufacturer. It has also changed over time.

To help businesses cut through the confusion, here is a list of the three characteristics that define Next-Generation Firewalls in the context of 2020s network security.

A modern Next-Generation Firewall should have each of these features:

  1. Application-level packet filtering (This alone is the “old” definition of NGFWs)
  2. All-in-one features previously handled by other stand-alone security devices
  3. Firmware that updates to face changing threats

NGFWs feature application-level filtering

There have been firewalls called “Next-Generation” on the market since way back when Star Trek: The Next Generation was on TV. The term Next-Generation Firewall was coined in the 1990’s when firewalls started to filter information at the application level, a more granular level than older first and second-edition firewalls.

Today, application-level filtering remains an important feature of firewalls that’s at the heart of the Gartner glossary definition of the term. But to truly be considered a modern network security device, firewalls today also need to be dynamic and incorporate additional security capabilities.

NGFWs incorporate vital security features previously managed by separate devices or software

Today’s firewalls are the Swiss Army knives of security, and can replace single-purpose security solutions. The current NGFW umbrella also covers multi-function protection security approaches like Unified Threat Management (UTM).

As this graphic from NGFW manufacturer Fortinet shows, a single device today can include features including:

The graphic illustrates the NGFW as a single box because the main business-level NGFWs today are usually a single a piece of hardware with multiple security functions integrated.What is a Next Generation Firewall - Fortinet NGFW illustration

Don’t worry, not every business needs all of these security features. This graphic simply shows some of the features that can be enabled on a NGFW. Having one device that defends against multiple network security threats comes with obvious efficiencies: less equipment and software to maintain and a single location for data to be viewed. 

Having antivirus protection built into a firewall also boosts security, because detecting malicious code with a firewall can help keep this content off of endpoints and from spreading throughout the network. However, while firewall-level antivirus provides an extra layer of protection it unfortunately doesn’t replace the need for endpoint protection solutions. 

NGFWs update to face changing threats

A final important characteristic of next-generation firewall security today is that today’s firewalls are dynamic.

Legacy firewalls were “set and forget.” Once they were configured they did their job filtering packets in the background for years, frequently without any need for modification or updates performed.

Today’s NGFWs adjust to face changing patterns of security threats. Some firewall security updates are automated, but firewalls also require some hands-on attention. IT professionals should conduct regular assessments to review firewall performance and update firmware.

The importance of updating NGFWs

If you take nothing else away from this article, remember that today’s Next-Generation Firewalls require regular updates to function effectively. From a business IT standpoint, this is the most important difference between NGFWs and older generations of firewalls.

Firewalls form the backbone of business IT security systems. If they are maintained properly, Next-Generation Firewalls can prevent threats from entering your network, and make the larger goal of keeping a network secure much easier.

Subscribe to Symquest Tech Talk

Sign up to receive the latest news about innovations in the world of document management, business IT, and printing technology.

How secure is your organization's network? Schedule a cybersecurity assessment.
Kevin Davis

about the author

Kevin Davis

Kevin oversees SymQuest’s Service teams to ensure the best possible experience for our clients. Kevin works with our network and document clients to help achieve all of their business objectives around uptime, efficiencies, security, business continuity, disaster recovery and all other aspects of their IT and document solution needs.


Find me on