Category Archives: Firewall

Cisco delivers Patch Tuesday warmup with bundle of 18 bug fixes

Cisco has delivered a bundle of 17 security updates to address 18-CVE-listed vulnerabilities in its networking and communications gear.

Switchzilla has classified 10 of the fixed bugs as high security issues, with exploits leading to everything from command and code execution to denial of service- a particularly serious problem for networking gear. There are no critical vulnerabilities to fix this time around, so breath easier US admins who may be off for the Traitor’s Day Brexit 1776Independence Day weekend.

Among the more prominent bugs include a denial of service flaw in Web Security Appliance caused by sending a malformed certificate and a DLL preloading code execution vulnerability in Jabber.

Cisco’s Small Business switches were patched for two high-rated flaws, one allowing for denial of service from HTTP requests and another and the second a memory corruption flaw from the handling of SSL certificates.

Switchzilla also addressed a security bypass vulnerability in the Nexus 9000 switches and both a command injection and arbitrary read/write flaw in the NFV Infrastructure software.

The medium level of fixes includes a patch for two CVE-listed vulnerabilities in the Firepower Management Center, both potentially allowing for cross-site scripting bugs and a denial of service error in the IOS XR border gateway protocol.

Cisco’s IP phone- both the 7800 and 8800 series, were found to contain a denial of service flaw that would let an attacker prevent the phones from registering by sending them malformed SIP payloads, and the email security appliance was patched for a pair of filter bypass vulnerabilities.

Admins would be well advised to set aside time to check and install any needed Cisco packages before Tuesday, when Microsoft, SAP, and Adobe are all scheduled to drop their own monthly updates for July.

Cisco Industrial Network Director found containing major security bugs

  • Cisco identified three security flaws in the software which is designed for managing industrial networks.
  • Among the three, one was marked “high severity” and could allow attackers to execute arbitrary code.

Cisco has identified three security bugs in Industrial Network Director (IND) software. In a series of security advisories released on Wednesday, Cisco addressed these major flaws present in IND. One of these flaws was a “high severity” remote code execution (RCE) vulnerability that could allow threat actors to execute arbitrary code with elevated privileges.

Cisco IND is a software designed to manage industrial networks and helps monitor automated devices in an industrial network.

Key highlights

  • The RCE flaw, designated as CVE-2019-1861, had a CVSS score of 7.2. The flaw was the result of a file validation issue in IND. In an advisory, Cisco mentions that an attacker could exploit this flaw by authenticating to an affected system using administrator-level privileges and subsequently uploading arbitrary files.
  • The other two flaws identified by Cisco are a stored cross-site scripting (XSS) flaw and a cross-site request forgery (CSRF) vulnerability. While the XSS flawenables attackers to send malicious requests, the CSRF vulnerability allows anyone to perform arbitrary actions on the affected systems.
  • Cisco has released software updates for the RCE flaw. However, XSS and CSRF flaws are still left unpatched.

Worth noting

Apart from addressing IND flaws, Cisco has also released security updates for various products that had security holes. The products patched are Cisco Unified Communications Manager IM and Presence Service, Cisco TelePresence Video Communication Server, Cisco Expressway Series, Cisco Enterprise Chat and Email Center, Cisco Unified Computing System, Cisco IOS XR, and Cisco Webex Meetings Server.

New spam campaign uses fake legal threats to lure victims

  • The spam emails, purporting to come from a law firm, tells victims that they are being sued.
  • A phishing kit reported to be a part of the campaign showed that the targets were primarily Canadian businesses.

Recently, a unique spam campaign has been uncovered by security researchers, where victims are confronted with fake legal threats. It is believed to have been active since last week. In this campaign, spam emails claim to come from law firms and warn gullible victims that they are sued for fictitious legal issues. The poorly-written emails which contain a malicious Word attachment, also instruct victims to respond to the issue within seven days.

Key highlights

  • A phishing kit associated with this campaign was found to have five malicious Word documents.
  • The documents contained a trojan which is used to drop additional malware into affected systems. Most antivirus software products failed to identify these documents.
  • In addition, a text document found in the kit had over 100,000 business email addresses, with most of them having .ca (Canada) domains. Organizations in the northeastern US were also speculated to be some of the targets.

Campaign leverages domain spoofing

Threat actors behind the campaign spoofed domains of certain law firms. KrebsOnSecurity reported an instance where a law firm’s website was spoofed.

“The law firm domain spoofed in this scam — — now redirects to the Web site for RWC LLC, a legitimate firm based in Connecticut. A woman who answered the phone at RWC said someone had recently called to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter,” KrebsonSecurity reported.

Cisco patches serious security flaws found in Prime Infrastructure

The flaws affect the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager.
While two of the flaws required an attacker to have credentials for an attack, the third one could be exploited by an unauthenticated attacker who has the network access.
Cisco has released security updates to patch critical security vulnerabilities discovered in it’s Prime Infrastructure (PI) platform. The flaws were the result of an improper input validation that existed in the web-based management interface of PI, as well as in the Cisco Evolved Programmable Network(EPN) Manager. This could allow remote attackers to execute arbitrary code with elevated privileges.

What are the vulnerabilities?

The three flaws identified were given a CVSS score of 9.8. Among the three, CVE-2019-1821 could be exploited by unauthenticated attackers with network access to the vulnerable interface.
However, CVE-2019-1822 and CVE-2019-1823 required the attackers to have valid credentials for the interface in order to exploit them.
Worth noting

Cisco’s security advisory indicates that the vulnerabilities arose because of PI not handling user-input.

“These vulnerabilities exist because the software improperly validates user-supplied input. An attacker could exploit these vulnerabilities by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system,” read the advisory.

However, the firm has resolved vulnerabilities with software updates. Users are advised to install the updates immediately.

Apart from these updates, Cisco has also recently released over 40 advisories that address numerous security flaws found in some of the products. It includes Cisco NX-OS, Cisco FXOS, Cisco Webex, Cisco Firepower amongst others.

Cisco patches two critical vulnerabilities that could lead to DoS attacks

  • The flaws are detected as CVE-2019-1721 and CVE-2019-1694.
  • The flaws impact Cisco’s TelePresence Video Communication Server and ASA 5500-X Series Firewalls.

Cisco has released security patches for two high-severity flaws that can allow attackers to launch Denial of Service (DoS) attacks. The flaws are detected as CVE-2019-1721 and CVE-2019-1694. The flaws impact Cisco’s TelePresence Video Communication Server and ASA 5500-X Series Firewalls.

What are the vulnerabilities?

CVE-2019-1721 is the vulnerability with the wildest likely impact. It is a flaw in the phone-book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server. The flaw could allow an unauthenticated remote attacker to increase the performance of CPU to 100 percent, causing a DoS condition on an affected system.

The bug is related to improper handling of XML input by affected devices.

“An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device,” the security bulletin read.

CVE-2019-1694 is the second critical flaw that exists in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software.

The vulnerability is due to improper handling of TCP traffic.

“An attacker who is using a TCP protocol that is configured for inspection could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device,” Cisco stated in its bulletin.

The bottom line

Cisco has released software updates to address both vulnerabilities. In addition, it has also addressed several other medium-severity flaws found across its products.

Cisco warns of a critical vulnerability in Nexus data-center switches

  • The security flaw could allow attackers to surreptitiously access system resources of data centers.
  • Designated as CVE-2019-1804, the flaw was given a severity rating of 9.8 out of 10.

A severe vulnerability in Nexus switches has been uncovered by the Cisco team. The flaw was disclosed by the networking company in its security advisories released this week. Secure Shell (SSH protocol) in the Cisco Nexus 9000 series led to this vulnerability which, as a consequence, can allow unauthorized users to have root privileges in the affected system. Attackers could exploit this flaw to execute malicious programs to corrupt data centers.

A detailed picture

  • In an advisory, Cisco indicated that the flaw, tracked CVE-2019-1804, was the result of a default SSH key pair, present in Nexus devices. “An attacker could exploit this vulnerability by opening an SSH connection via IPv6 to a targeted device using the extracted key materials,” the advisory read.
  • The advisory further mentioned that the flaw is only exploitable over IPv6. IPv4 was not vulnerable.
  • The vulnerability affected the Nexus 9000 Series Fabric Switches in ACI mode that were running Cisco NX-OS versions prior to 14.1(1). However, Cisco has released software updates to fix this critical vulnerability.
  • Cisco has also fixed two more vulnerabilities in the Nexus 9000 series. While one of them was an authentication flaw, the other one is a privilege escalation vulnerability.

Other products remedied

The 41 security advisories published yesterday addresses security vulnerabilities found in Cisco’s other products. They include Cisco Umbrella, Cisco Firepower Threat Defense, Cisco RV320 and RV325 routers, Cisco IP Phone 7800 and 8800 series, Cisco Adaptive Security Appliance, Cisco Expressway and Cisco Prime.

Flaws ranged from cross-site scripting, cross-site request forgery to high-priority privilege escalation vulnerabilities.

Fortinet – FortiGate Firewalls & Security Products

Fortinet – FortiGate Firewalls & Security Products

Fortinet – FortiGate Firewalls & Security Products

Fortinet – FortiGate Firewalls & Security Products

FortiGate® Network Security Platform Single vendor, comprehensive portfolio

Fortinet Security Fabric solution components

Fortinet Security Fabric solution components

Fortinet Consolidated Security Platform delivers unmatched performance and protection while simplifying your network. Fortinet’s Network Security Appliances offer models to satisfy any deployment requirement from the FortiGate-20 series for Small Offices to the FortiGate-5000 series for very Large Enterprises, Service Providers and Carriers. FortiGate platforms integrate the FortiOS operating system with FortiASIC processors and the latest-generation CPUs to provide comprehensive.

Buy Hardware Appliance UTM Firewall from India based authorized Dealer, Partner, Supplier, Reseller with remote, on-site installation support  in India at best price.

We are Providing our Antivirus, Antispam solutions all over India like  Mumbai, Thane, Navi Mumbai, Vasai. Virar, Panvel, Kharghar, Bhiwandi, Kalyan Gujrat, Kolkata, Dehli, Chennai, Tamil Nadu etc. To buy our Firewall Service contact us.

Fortinet Firewall:

High-Performance security
High Performance Firewall/VPN
Next Generation Firewalls


Application Firewall

Solution Guides

Fortinet’s Solution for the Enterprise Campus
Connected UTM Solution Brief
Application Delivery Network Solutions From Fortinet
Fortinet Data Center Solution Brief
Fortinet UTM Solution Guide
The Password as you Know it is Dead
Fortinet Secure Wireless LAN

IT Monteur understands the increasing threats faced by the SME community, and can offer the right solutions tailored to your company’s needs.

Small office technology needs are increasing

To support employee mobility, many small offices are adding wireless and enabling BYOD – technologies that have traditionally been confined to larger enterprises. These new technologies add new data security and compliance requirements.

Small businesses are a target

Small businesses have historically lacked security capabilities often found at larger enterprises, primarily due to cost and complexity. For this reason, data breaches are increasingly hitting smaller organisations, either for their data or access to the larger businesses they may serve.

According to the Verizon Data Breach Incident Report, data breaches were more common in small than large organisations (25% vs 20%, with 50% from size unknown).

Why choose Fortinet?

Fortinet’s commitment to quantified, independent third party validation of security effectiveness is unmatched in the industry. Security technologies deployed from network edge to individual endpoints have all earned top marks in real-world testing by NSS Labs, Virus Bulletin, AV Comparatives and more.

Single vendor, comprehensive portfolio

Fortinet is the only UTM vendor able to offer the broad range of security and networking capabilities to dramatically simplify IT infrastructure and security.

Because all products are built in-house they will integrate more tightly and reduce your administration. Your life becomes even easier by working with a single vendor, single procurement process, single administrative experience across products, single support group and single volume licensing program.

FortiGate unified threat management

  • Get up and running in 20 minutes or less with Plug and Play install.
  • Stop attacks before they enter the network.
  • Quickly resolve issues with one-click drill down and actions.
  • Select from the widest variety of performance, port, Wi-Fi and PoE combinations
  • Manage all networking and security from a single console.

FortiAP secure wireless access points

  • Expand wireless coverage with dedicated indoor, outdoor and remote access points
  • Extend security to the very edge with integrated security of Smart APs
  • Simplify remote telework with wireless APs that include wired ports
  • Optimise traffic flow with application prioritisation and other features.

FortiSwitch secure access switches

  • Expand network connectivity and/or physical segmentation with Layer 2 and 3 switching
  • Manage from the established FortiGate console
  • Choose among a wide range of port speeds (1G and 10G), density (8, 24, 32, 48 or 64* ports) and PoE/PoE+ combinations.

FortiGate Firewalls Price

Fortinet – FortiGate Firewall Price
Hardware plus 1 year 8×5 Forticare and FortiGuard UTM Bundle
1 to 15 users
Hardware plus 1 year 8×5 Forticare and FortiGuard UTM Bundle
1 to 40 users
Rs. 82,331/-
Hardware plus 1 year 8×5 Forticare and FortiGuard UTM Bundle
15 to 100 users
Rs. 2,74,757/-

The Security Fabric solution components

The Fortinet Security Fabric consists of various components that work together to form the Security Fabric that secures your organization’s network. The following diagram shows an example Security Fabric that contains both required and recommended Fortinet products:

Devices in the Security Fabric

The Security Fabric implementation consists of required, recommended, and optional devices.

Required devices

The following table shows devices that are required in the Fortinet Security Fabric:

Device Description

FortiGate is a next-generation firewall (NGFW) that provides enterprise-class protection against network, content, and application-level threats.

FortiGates are the core of the Security Fabric and can have one of the following roles in the Security Fabric:

  • Root FortiGate: The root FortiGate is the main component in the Security Fabric. It is typically located on the edge of the network and connects the internal devices and networks to the Internet through your ISP. From the root FortiGate, you can see information about the entire Security Fabric from the Physical and Logical Topology pages in the Security Fabric menu.
  • Internal Segmentation Firewall (ISFW): After a root FortiGate is installed, all other FortiGates in the Security Fabric act as ISFWs. An ISFW is a firewall that is located at strategic points in your internal network, rather than on the network edge. This allows extra security measures to be taken around key network components, such as servers that contain valuable intellectual property. ISFW FortiGates create network visibility by sending traffic and information about the devices that are connected to them to the root FortiGate.

FortiAnalyzer collects, analyzes, and correlates log data from Fortinet devices throughout your organization’s network, and allows you to view all firewall traffic and generate reports from a single console.

FortiAnalyzer gives you increased visibility into your organization’s network and simplifies network logging by storing and displaying all log information in one place. It provides centralized monitoring and awareness of threats, events, and network activity by collecting and correlating logs from Security Fabric devices, such as FortiGate, FortiClient, FortiSandbox, FortiWeb, and FortiMail. This gives you a deeper and more comprehensive view across your entire Security Fabric. You can use the robust security alert information and real-time threat intelligence that FortiAnalyzer provides to quickly identify and respond to security threats across your organization’s network.

Recommended devices

The following table shows devices that Fortinet recommends you have in the Fortinet Security Fabric:

Device Description

FortiAP is a wireless access point that provides integrated, secure, identity-driven wireless LAN access for your organization’s network.

You can add FortiAPs to extend the Security Fabric to your wireless devices. Devices connected to a FortiAP appear in the Physical and Logical Topology pages in the Security Fabric menu.


FortiClient adds endpoint control to devices that are located in the Security Fabric, allowing only traffic from compliant devices to flow through the FortiGate. This is done through FortiClient profiles.

In the Security Fabric, FortiClient profiles are applied by the first FortiGate that a device’s traffic flows through. This is often an ISFW FortiGate. Device registration and on-net status information for a device that is running FortiClient appears only on the FortiGate that applies the FortiClient profile to the device.

FortiClient EMS

FortiClient Enterprise Management Server (EMS) is a security management solution that provides scalable and centralized management of multiple endpoint devices.

FortiClient EMS is used in the Security Fabric to provide visibility across your network, to securely share information and assign security profiles to endpoints.


FortiMail is a secure email gateway that uses various threat prevention methods, including antispam, antimalware, sandboxing, and anomaly detection.

FortiMail integrates with other Fortinet products, as well as third-party virtual and cloud platforms, to help establish a seamless Security Fabric across the entire attack surface. FortiMail anti-spam processing helps offload other devices in the Security Fabric that would typically carry out this process.


FortiManager is an easy-to-use, single pane of glass management console, that gives you total visibility, full control, and complete protection of your organization’s network.

Using the FortiManager in the Security Fabric allows you to simplify the network management of devices in the Security Fabric by centralizing management access in a single device. This allows you to easily control the deployment of security policies, FortiGuard content security updates, firmware revisions, and individual configurations for devices in the Security Fabric.


FortiSandbox is an advanced threat protection appliance that improves your security architecture by identifying and validating threats in a separate, secure environment.

You can add FortiSandbox to your Security Fabric to improve security with sandbox inspection. Sandbox integration allows FortiGates in the Security Fabric to automatically receive signature updates from FortiSandbox and add the originating URL of any malicious file to a blocked URL list.


FortiSwitch is a secure access switch that can be integrated into the Fortinet Security Fabric through the FortiLink protocol. FortiLink allows FortiSwitch ports to become logical extensions of the FortiGate. This allows the FortiGate to auto-discover a connected FortiSwitch for provisioning, including the attachment of policy to ports or VLANs. With an integrated access layer, the FortiGate provides consolidated visibility and reporting with Physical and Logical Topology views of the Security Fabric in the Security Fabric menu.

You can add a FortiSwitch to the Security Fabric when it is managed by a FortiGate within the Security Fabric, and connected to an interface that uses FortiTelemetry.

Devices connected to the FortiSwitch appear in the Physical and Logical Topology pages in the Security Fabric menu, and security features, such as FortiClient profiles, are applied to them.


FortiWeb is a web application firewall that protects hosted web applications from attacks that target known and unknown exploits.

In the Security Fabric, FortiWeb defends the application attack surface from attacks that target application exploits. You can also configure FortiWeb to apply web application firewall features, virus scanning, and web filtering to HTTP traffic to help offload other devices in the Security Fabric that would typically carry out these processes.

Optional devices

The following table shows devices that are optional in the Fortinet Security Fabric:

Device Description
Other Fortinet products

Many other Fortinet products can be added to the Security Fabric, including FortiAuthenticator, FortiToken, FortiCache, and FortiSIEM.

Third-party products

Security Fabric topology views

You can see the Security Fabric topology in the root FortiGate GUI. Two viewing options are available: the Physical Topology view and the Logical Topology view.

The Physical Topology view displays the physical structure of your network, by showing the devices in the Security Fabric and the connections between them. The Logical Topology view displays the logical structure of your network, by connection, by showing information about logical and physical network interfaces in the Security Fabric and the interfaces that connect devices in the Security Fabric. Only Fortinet devices are shown in the topology views.

For more information about the topology views, see Viewing the Security Fabric topology.

Security Fabric Audit

The Security Fabric Audit provides a method to continually monitor and improve your organization’s Security Fabric configuration. The Security Fabric Audit is a feature on the FortiGate that analyzes your Security Fabric deployment, identifies potential vulnerabilities, and highlights best practices that you can use to improve the overall security and performance of your network. Using the Security Fabric Audit helps you to:

  • Tune your network configuration
  • Deploy new hardware and software
  • Have more visibility into your network
  • Gain more control over your network
  • Adhere to your organization’s compliance requirements

The Security Fabric Audit provides a Security Fabric Score based on how many checks your network passes and fails during the Security Fabric Audit. By checking the Security Fabric Score, and implementing the recommendations, you can have confidence that your network is getting more secure over time.

For more information about running a Security Fabric Audit, see Running a Security Fabric Audit.


FortiTelemetry is a protocol that Fortinet products in the Security Fabric use to communicate with each other. It connects Security Fabric devices and allows dynamic status updates to travel between them. The Security Fabric uses FortiTelemetry to link various security sensors and tools together to collect, coordinate, and respond to malicious behavior anywhere it occurs in your network in real time.

You must enable FortiTelemetry on interfaces that connect Fortinet devices in the Security Fabric.

Just call or Email us on
Phone:+91 9582907788 Email:


Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies

Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.

A recent cyberattack campaign employed a weaponized version of TeamViewer and malware disguised as a top secret US government document to target officials in several embassies in Europe.

The malware, phishing documents, and other artifacts used in the attacks appear to all be the work of a single individual using the handle EvaPiks, who’s been active in an illegal Russian-carding forum for some time. However, what’s still not entirely clear is if the same individual is also solely carrying out the attacks as well, or if others are involved, according to researchers at Check Point Software Technologies who spotted the attacks.

“According to our findings, we can tell that EvaPiks is behind the development of the entire infection chain,” says Lotem Finkelsteen, threat intelligence group manager at Check Point.

But the type of victims being targeted, and the multiple-stage nature of the attacks, are more indicative of nation-sponsored actors or sophisticated cyber groups, he says.

“Therefore, we wonder whether he joined others to carry [these] attacks, or he just tunneled others’ attack through his successful infection chain,” using an attack-as-a-service model, Finkelsteen says.

Embassy officials from at least seven countries have been targeted so far—Italy, Kenya, Bermuda, Nepal, Guyana, Lebanon, and Liberia. In each instance, the targeted individuals appeared to have been carefully selected and were tied to government revenue related roles and the financial sector, suggesting a possible financial motive for the attack.

So far though, there’s no evidence of the attacker attempting to gain access to any bank accounts belonging to the governments that have been targeted, Finkelsteen says. Espionage is another possible explanation for the attacks, but it’s hard to tell for sure if there are any geopolitical motives based solely on the list of country’s and victims targeted, he notes.

‘Military Financing Program’

In each attack, the threat actors have sent targeted individuals an XLSM document containing malicious macros via email with the subject “Military Financing Program.”

The document itself is reasonably well-crafted, with a logo of the US Department of State on it and marked as top secret. But while EvaPiks appears to have put in some effort to make the document look authentic, he appears to have overlooked certain Cyrillic artifacts within that point to the source of the attack, Check Point said.

The macros – when enabled – extract two files from encoded cells within the XLSM document. One of them is a legitimate AutoHotkey (AHK) program. The other is a malicious version of AHK that connects to a command-and-control server and downloads and executes a malicious version of TeamViewer that allows the attacker to take remote control of the infected system.

The malicious TeamViewer can also download and execute other commands, including one for hiding the TeamViewer interface so the victim doesn’t know it’s running, and another for saving session credentials to a text file.

Sophos XG Firewall Appliances

Sophos XG Series Firewall Appliances

Our XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and solid-state storage. Whether you’re protecting a small business or a large datacenter, you’re getting industry leading price:performance, and the ultimate in flexibility, connectivity and reliability in every form factor.


Desktop Models

Our Desktop firewall appliances support all the security features of our larger appliances but in a compact form factor and at a fraction of the cost. Whether you’re looking for an all-in-one security solution for your branch office, or need next-gen firewall security for your growing business, our range of models can offer you many features not available anywhere else.

XG 86 Rev.1
XG 106 Rev.1
XG 115 Rev.3
XG 125 Rev.3
XG 135 Rev.3

1U Models

Our XG Series 1U mid-range firewall appliances are the ideal solution for many medium-sized and distributed organizations. With their flexible connectivity options, they are designed to adapt as your environment changes. All models come with a range of copper and fibre ports on-board and offer a broad range of accessories to provide power redundancy and options to connect external devices.

XG 210 Rev.3
XG 230 Rev.2
XG 310 Rev.2
XG 330 Rev.2
XG 430 Rev.2
XG 450 Rev.2

2U Models

Our 2U high-end firewall appliances come equipped to provide protection for larger distributed organizations and data center environments. They offer the latest high-performance technology and the ultimate in flexibility to meet the most demanding networking requirements.

XG 550 Rev.2
XG 650 Rev.2
XG 750 Rev.2

Next Generation Firewall

Next Generation Firewall

A next-generation firewall (NGFW) is a part of the third generation of firewall technology, combining a traditional firewall with other network device filtering functionalities, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS). Other techniques might also be employed, such as TLS/SSL encrypted traffic inspection, website filtering, QoS/bandwidth management, antivirus inspection and third-party identity management integration (i.e. LDAP, RADIUS, Active Directory).

Next-generation firewall vs. traditional firewall

NGFWs include the typical functions of traditional firewalls such as packet filtering, network- and port-address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to include more layers of the OSI model, improving filtering of network traffic that is dependent on the packet contents.

NGFWs perform deeper inspection compared to stateful inspection performed by the first- and second-generation firewalls. NGFWs use a more thorough inspection style, checking packet payloads and matching signatures for harmful activities such as exploitable attacks and malware

Evolution of next-generation firewalls

Improved detection of encrypted applications and intrusion prevention service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services.

Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols. But today, blocking a web application like Farmville that uses port 80 by closing the port would also mean complications with the entire HTTP protocol.

Protection based on ports, protocols, IP addresses is no more reliable and viable. This has led to the development of identity-based security approach, which takes organizations a step ahead of conventional security appliances which bind security to IP-addresses.

NGFWs offer administrators a deeper awareness of and control over individual applications, along with deeper inspection capabilities by the firewall. Administrators can create very granular “allow/deny” rules for controlling use of websites and applications in the network.