Many of us are familiar with the idea of a firewall. It sits between your computer or network and the Internet to protect it from Internet-based attacks. The protection is implemented by only allowing communication in or out from certain ports or IP addresses defined by the user.
However, many applications now connect over port 443 (HTTPS) or 80 (HTTP), and many attacks and bandwidth-hungry applications use the same ports to pass their traffic, whether it’s a botnet, Trojan, key logger or someone watching YouTube in HD. As a result, it’s increasingly important to look inside the packet at its content to ensure network security and effective management.
A helpful analogy (potentially most apt now it’s holiday season) is that of airport luggage. A traditional firewall looks at the luggage tag of the suitcase: where it’s come from and where it’s going. From this, we can’t tell if there is anything other than clothes in the case, so banned items could get through. A ‘next generation firewall’ is like the customs staff: opening the case and double-checking what’s inside, taking out the things that aren’t allowed and making you aware that someone’s tried to sneak something through.
Reliable access to the Internet is key to nearly every business, yet bandwidth is finite, so the ability to prioritise important business applications over general traffic is key. You might use online services such as Office 365, Sage Accounts Online or Salesforce to name but a few, and want to ensure that these are responsive whilst still allowing users to access download sites, Windows updates or streaming services.
Key features
A good next generation firewall has all the features of a traditional firewall such as port-based firewalling, NAT and VPN functionality, but also includes:
- Application Control: The ability to identify applications (good and bad) such as BitTorrent, YouTube, Facebook, Spotify, Windows Update, Skype etc. by the content of their packets, not by their port.
- Application Priority: Prioritise applications. Ensure key business apps are at the front of the queue, ensuring smooth video conferences and responsive web portals.
- Application Analysis: Analyse, in real time, what applications or users are using bandwidth, allowing you to make informed decisions about prioritisation and access policy
- Intrusion Prevention: Looking inside every packet (Deep Packet Inspection) and checking it against a constantly updated threat signature database, a little like antivirus against hacking methods
- Antivirus, anti-malware and antispyware scanning of all data coming in and out of your network to intercept threats before they reach the endpoint.
- Filter internet content based on constantly updated category lists, or whitelist/blacklist linked into your user directory (Active Directory, LDAP etc), increasing productivity, reducing the risk of data loss and protecting staff by ensuring undesirable sites can’t be viewed
- Intelligent failover to a secondary connection, including 3G/4G
- SSL VPN functionality. This is quick and easy to set up on devices including PCs, Macs and tablets whilst being secure
- Crucially, all the above features can be active without slowing down internet access
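The difference between port-based filtering and the application control described in the list above, as an added example that is not from the original article or from any vendor's product: it classifies flows that all use TCP 443 by their first payload bytes (the TLS server name and the BitTorrent handshake). The host names, the sample flows and `APP_POLICY` are constructed assumptions.

```python
import struct

def build_client_hello(host):
    """Build a minimal TLS ClientHello with an SNI extension (constructed sample data)."""
    name = host.encode()
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"         # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"       # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def tls_sni(data):
    """Return the SNI host name from a TLS ClientHello, or None if absent/malformed."""
    u = lambda off, n: int.from_bytes(data[off:off + n], "big")
    if u(0, 1) != 0x16 or u(5, 1) != 0x01:            # handshake record, ClientHello
        return None
    p = 5 + 4 + 2 + 32                                # record hdr, handshake hdr, version, random
    p += 1 + u(p, 1)                                  # skip session id
    p += 2 + u(p, 2)                                  # skip cipher suites
    p += 1 + u(p, 1)                                  # skip compression methods
    end = min(p + 2 + u(p, 2), len(data))             # end of the extensions block
    p += 2
    while p + 4 <= end:
        etype, elen = u(p, 2), u(p + 2, 2)
        if etype == 0:                                # server_name: list len, type, name len, name
            return data[p + 9:p + 9 + u(p + 7, 2)].decode("ascii", "replace") or None
        p += 4 + elen
    return None

def classify(payload):
    """Name the application from its first payload bytes, ignoring the port."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"
    host = tls_sni(payload)
    return "tls:" + host if host else "unknown"

# Constructed sample flows, all to TCP 443: (dst_port, first payload bytes)
FLOWS = [(443, build_client_hello("crm.example.com")),
         (443, build_client_hello("video.example.net")),
         (443, b"\x13BitTorrent protocol" + bytes(8))]
APP_POLICY = {"tls:crm.example.com": "prioritise", "bittorrent": "block"}  # hypothetical policy

def compare():
    """Per flow: (port-only verdict, identified application, application-aware verdict)."""
    return [("allow" if port in (80, 443) else "deny", classify(p),
             APP_POLICY.get(classify(p), "allow")) for port, p in FLOWS]
```

Calling `compare()` shows that the port rule gives the same verdict for all three flows, while the payload-based classification separates the business application, general traffic and the file-sharing handshake.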
Next generation firewalls are sometimes referred to as 'unified threat management' or UTM devices. SonicWALL, Cisco, Barracuda, WatchGuard, FortiGate and Check Point provide similar solutions.
At Resolve, we recommend SonicWALL next generation firewalls. SonicWALL have been providing security solutions since 1991, recently becoming part of Dell. The same technology that is used by the largest internet companies with their SuperMassive equipment is available to small businesses through their TZ series. We believe that they provide a best-in-class solution, and most importantly, we receive great feedback from our customers about their hardware. For further information, please don't hesitate to give us a call on 0114 299 4050.