What is a next-generation firewall?

By: C Spire and Fortinet on Mar 8, 2022 10:24:41 AM

blog 1 image-Mar-08-2022-04-19-59-34-PM

Next-generation firewalls, also known as second generation firewalls, protect organizations through advanced security features. NGFWs provide functions like deep-packet inspectionintrusion prevention (IPS), advanced malware detection, application control, and overall increased network visibility through inspection of encrypted traffic. They can be found anywhere from an on-premise network edge to its internal boundaries, and can also be employed on a public or private cloud environment.

Traditional firewalls vs next-generation firewalls

Traditional firewalls acted as a sentinel that monitors traffic moving into, and sometimes out of, the network. These devices would look at packets, network addresses, and ports to determine if data should be allowed through or blocked. A good analogy is airline travel. In the first few iterations of the firewall, data was simply checked to see if it had a ticket, and if its credentials were in order, it could board the plane.

C Spire next-generation firewalls >>

Then application traffic took off, and first-generation firewalls could no longer keep up. That’s because criminals were able to hide malware inside application traffic, where the firewall ticket taker couldn’t see it. 

So, next-generation firewalls were born with a new set of capabilities like app control and IPS to detect known and zero day attacks. This new tool could see into applications and find and block malware by closely watching network traffic. Think of it as adding an X-ray machine to your airline boarding process. You may have had a ticket, but if there was something dangerous in your luggage you were still denied access. 

Over time, additional security inspection technologies were added to the process, such as remediating ransomware with anti-malware. Think of these as the equivalent to body scanners and wiping down luggage looking for bomb-making residue. Unfortunately, as inspections became more frequent, the security gateway became a serious bottleneck. Adding to all that was the rise of encrypted traffic to provide users the safety of securely accessing applications from anywhere to anywhere. 

C Spire next-generation firewalls >>

While traditional firewalls were too simple, the complexity and the processing burden of some of the next-generation firewall is its greatest weak point. For that reason, it’s essential to choose your next-generation firewall in a way that balances security capabilities and performance without making a tradeoff.


firewall guide

Protecting every edge to make hackers’ jobs harder, not yours

In this guide from C Spire and Fortinet, you’ll gain a better understanding of how to protect, consolidate and scale so you can implement a security strategy designed to deliver a seamless user experience and protection aligned with business goals.


Topics: Cybersecurity, Podcasts, Firewall & SD-WAN

C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at For more information, visit or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.