What should enterprises expect if they want to make the transition from a traditional firewall to a next-generation firewall? It starts with a decidedly different way of thinking about security goals associated with a firewall, especially in terms of establishing application-aware controls over employees as they access the Internet, the Web and social networking sites. (See Unbatten the hatches.)
"There is a chasm to cross," acknowledges Patrick Sweeney, vice president of product management at SonicWall. The old way of talking about traditional port-based firewalls, with system administrators discussing the "language of protocols," is inadequate. Companies need to adopt a more business-focused vocabulary, related to application use, that's common to the CIO, CFO and CEO. "There has to be unification of the languages they speak," Sweeney says.

That's because the new generation of fast, intelligent firewalls are application-aware, enabling enterprises to establish and enforce identity-based application usage policies for employees. So-called next-generation firewalls (NGFW) also incorporate VPN capabilities, perform intrusion prevention sweeps of traffic, have the brains to use technologies such as reputation filtering, and integrate with Active Directory for identity and policy management.

The link for this article located at Network World is no longer available.