A next-generation firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network-device filtering functions, such as an application firewall using in-line deep packet inspection (DPI), an intrusion prevention system (IPS), and/or other techniques such as SSL and SSH interception, website filtering, QoS/bandwidth management, antivirus inspection and third-party integration.
NGFWs include the typical functions of traditional firewalls, such as packet filtering, network and port address translation (NAT), stateful inspection, and virtual private network (VPN) support. The goal of next-generation firewalls is to cover more layers of the OSI model, so that network traffic can be filtered based on packet contents. NGFWs perform deeper inspection than the stateful inspection performed by first- and second-generation firewalls: they inspect the payload of packets and match signatures for harmful activity such as known vulnerabilities, exploit attacks, viruses and malware.
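The difference between a port-based decision and a payload-based one can be seen in a small sketch. This is an added example, not code from any firewall product. The policy, patterns, signature and sample packets are all constructed for illustration, and it inspects a single payload with no stream reassembly or decryption.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "proto dport payload")

# Layer 3-4 rule of a traditional firewall: protocol and destination port only.
ALLOWED_PORTS = {("tcp", 80), ("tcp", 443)}
# Assumed layer 7 policy: the application each open port is meant to carry.
APP_POLICY = {80: {"http"}, 443: {"tls"}}
# Application identification from the first payload bytes, regardless of port.
APP_PATTERNS = [
    ("ssh", re.compile(rb"^SSH-\d\.\d+-")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # ClientHello record
]
# Constructed content signature (illustrative, not a vendor rule).
SIGNATURES = [("path-traversal", re.compile(rb"\.\./\.\./"))]

def port_filter(pkt):
    return "allow" if (pkt.proto, pkt.dport) in ALLOWED_PORTS else "deny"

def identify_app(payload):
    for name, pattern in APP_PATTERNS:
        if pattern.match(payload):
            return name
    return "unknown"

def ngfw_filter(pkt):
    if port_filter(pkt) == "deny":
        return ("deny", "port")
    app = identify_app(pkt.payload)
    if app not in APP_POLICY.get(pkt.dport, set()):
        return ("deny", "app:" + app)  # wrong application for this port
    for name, pattern in SIGNATURES:
        if pattern.search(pkt.payload):
            return ("deny", "signature:" + name)
    return ("allow", "app:" + app)

# Constructed sample traffic.
SAMPLES = {
    "web": Packet("tcp", 80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "ssh_on_443": Packet("tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "traversal": Packet("tcp", 80, b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"),
    "telnet": Packet("tcp", 23, b"\xff\xfd\x18"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, port_filter(pkt), ngfw_filter(pkt))
```

The port-only filter allows both the SSH session on port 443 and the traversal request on port 80. The payload-aware filter denies the first on application identity and the second on a signature match.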