LinuxSysAdmin

Things I don't want to look for twice..

Monthly Archives: January 2011

Next Generation Firewall

So, what is an NGFW? (I’ve been reading around, and this is the accepted shorthand.) It’s bullshit! It’s like a much stupider version of a UTM. Some people here were very excited about Palo Alto Networks products, especially the NGFW products. So, I’ve been reading their datasheet about this new technology – patent-pending 🙂 – and, besides the usual port/IP/MAC firewalling, this firewall implements 3 new things – App-ID, User-ID, Content-ID. What are those?! It’s very simple. App-ID identifies traffic by application, using things like signatures, protocol and some heuristics to detect them; User-ID identifies traffic by user, and is closely tied to a directory infrastructure (AD, LDAP); and Content-ID analyzes traffic and searches for patterns like CC numbers, SSNs, and so on. Great!!

But how is this better than a UTM? In my case, the first one that comes to mind is Fortigate. Buggy as a motherfucker, but pretty good eventually. It comes with Application Control, which does the same shit as Palo Alto, but somehow it has more signatures (Palo Alto says “over 1000”, meaning somewhere around 1001, and Fortigate says something around 1400). Fortigate tightly integrates with AD and LDAP (I know because I’ve used this crap on both directory infrastructures), so yep, you can analyze and filter traffic based on users. And Content-ID sounds very much like DLP (data loss prevention), which is also available in a Fortigate UTM, but I never tested it.

OK, so a Fortigate UTM has everything a Palo Alto NGFW has. But it has some extra shit too: VoIP security, VPN, antivirus, antispam, antimalware, IPS, web filtering. So, I was asked yesterday for my opinion on NGFWs, and now I’m very sure about my reply – a less-featured UTM.