Next-generation firewall (NGFW) vs. firewall-as-a-service (FWaaS)

A next-generation firewall (NGFW) is a firewall with advanced features, while firewall-as-a-service (FWaaS) is a cloud-delivered firewall for protecting networks and cloud infrastructure.

Learning objectives

After reading this article you will be able to:

  • Define next-generation firewall (NGFW) and firewall-as-a-service (FWaaS)
  • Contrast NGFWs with FWaaS
  • Learn how cloud firewalls overlap with next-generation firewalls

These terms describe two different aspects of a firewall — what it can do (NGFW) versus where and how it is deployed (FWaaS). A next-generation firewall (NGFW) has a specific set of security capabilities. Firewall-as-a-service (FWaaS) describes a firewall that is hosted in the cloud and offered as a service (such a firewall can also be called a "cloud firewall").

FWaaS can have next-gen capabilities, and an NGFW can be hosted in the cloud.

NGFW vs. FWaaS Venn diagram

The type of firewall an organization needs depends on its infrastructure. If all of its networking infrastructure and applications are on-premises, a hardware-based NGFW may be sufficient. But most modern organizations run some workloads in the cloud, making FWaaS a necessity (ideally, a FWaaS solution with next-gen capabilities).

What does a firewall do?

A firewall is a security product that monitors and controls network traffic based on a set of security rules. Firewalls can be software applications installed on a server or computer, or they can be hardware devices that connect to an internal network. Firewalls usually sit between a trusted network and an untrusted network; often the trusted network is a company's internal network, and the untrusted network is the Internet.

The standard capabilities of a firewall include:

  • Packet filtering: Analyzes individual data packets and blocks them when necessary
  • Stateful inspection: Evaluates packets in the context of active network connections
  • Virtual private network (VPN) awareness: Identifies encrypted VPN traffic and allows it to pass through

What is a next-generation firewall (NGFW)?

NGFWs have the features of traditional firewalls, but they also have added features to address a greater variety of organizational needs and block more potential threats. They are called "next generation" to differentiate them from older firewalls that do not have these capabilities.

NGFW technologies include:

  • Intrusion prevention system (IPS): Scans network traffic, identifies malware, and blocks it
  • Deep packet inspection (DPI): Improves on packet filtering by analyzing the body of each packet in addition to the header
  • Application awareness and control: Identifies and blocks traffic based on which applications the traffic is going to
  • Threat intelligence feeds: Incorporates streams of updated threat intelligence to identify the latest threats
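
The difference between packet filtering, stateful inspection, and deep packet inspection is easiest to see when the same traffic is run through all three. The following is an added example, not code from the original article or from any firewall product; it is a simplified model (no TCP state machine or connection teardown), and the addresses, the port-80 policy, and the signature string are constructed for illustration.

```python
from dataclasses import dataclass

TRUSTED = "10.0.0."  # constructed internal prefix
SIGNATURES = [b"constructed-malware-marker"]  # constructed DPI signature

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "A"  # TCP flags, e.g. "S" = SYN, "SA" = SYN/ACK, "A" = ACK
    payload: bytes = b""

def packet_filter(p):
    """Stateless: header fields only; replies are admitted by source port."""
    if p.src.startswith(TRUSTED):
        return p.dport == 80
    return p.sport == 80

class StatefulFirewall:
    """Admits inbound packets only for flows a trusted host opened."""
    def __init__(self):
        self.flows = set()
    def allow(self, p):
        if not p.src.startswith(TRUSTED):
            return (p.dst, p.dport, p.src, p.sport) in self.flows
        key = (p.src, p.sport, p.dst, p.dport)
        if p.dport == 80 and p.flags == "S":
            self.flows.add(key)
        return key in self.flows

class DpiFirewall(StatefulFirewall):
    """Stateful checks plus a scan of the packet body."""
    def allow(self, p):
        return super().allow(p) and not any(s in p.payload for s in SIGNATURES)

def verdicts(packets):
    """(packet filter, stateful, DPI) verdict per packet, fresh state each call."""
    sf, dpi = StatefulFirewall(), DpiFirewall()
    return [(packet_filter(p), sf.allow(p), dpi.allow(p)) for p in packets]

# Constructed traffic: SYN out, SYN/ACK back, an unsolicited packet using
# source port 80, and a reply in the open flow whose body matches a signature.
SAMPLE = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA"),
    Packet("198.51.100.7", 80, "10.0.0.9", 40001),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "PA", b"x constructed-malware-marker x"),
]
```

Calling `verdicts(SAMPLE)` shows the stateless filter admitting all four packets, stateful inspection dropping the unsolicited third packet, and only the DPI model dropping the fourth.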

What is firewall-as-a-service (FWaaS)?

FWaaS is a firewall that is hosted in the cloud by a third-party vendor. "Cloud firewall" is another term for this type of service.

FWaaS is not a physical appliance, nor is it hosted on an organization's premises. Like other "as-a-service" categories, such as infrastructure-as-a-service (IaaS) or software-as-a-service (SaaS), FWaaS runs in the cloud and is accessed over the Internet.

Before the advent of cloud computing, a firewall sat in between a trusted network and an untrusted one, and there was a clear boundary (called a "network perimeter") between the trusted and untrusted networks. But in cloud computing, this boundary does not exist, because trusted cloud assets are accessed over an untrusted network (the Internet). Cloud-hosted firewalls protect these assets despite this lack of a network perimeter. Additionally, cloud-hosted firewalls are configured, maintained, and updated by the firewall vendor, not the customer.

What is Cloudflare Magic Firewall?

Cloudflare Magic Firewall is a cloud firewall with next-gen capabilities that is hosted on the global Cloudflare network. It protects data centers, remote users, branch offices, and cloud infrastructure, and it is tightly integrated with the Cloudflare One platform.