I thought that this time of the year would be a good time to muse on how the increased use and mass adoption of NGFW is changing network architecture.
The NGFW (Next Generation Firewall) has finally arrived. It has been around for many years, but is now being adopted by many more customers. “Traditional” firewall and IPS refresh cycles, as well as the evolved threat landscape, have increased demand for new firewall features and capabilities.
If years ago we had to explain why a firewall is needed, and then why an IPS is needed, nowadays we don’t even need to explain why NGFWs are needed. The CSO knows. The CIO accepts and, finally, the CFO approves. One of the main drivers is the increased use of the web, web applications and business applications built on web technologies, as well as “consumer-like” applications that are simply far too complicated for previous technologies to handle. In addition, enterprise demand for aggregate throughput is growing to “5Gbps and higher” (Gartner: Magic Quadrant for Enterprise Network Firewalls, published 14 December 2011 by Greg Young and John Pescatore).
From an architecture perspective, deploying a new NGFW is similar to the earlier task of firewall deployment, but the nature of integrated IPS+FW+application control requires a different mechanism to ensure connectivity. Bypass switches that fail open or fail closed are no longer a legitimate solution, since there is only one line of defense: when it fails open, the defense is gone. Thus a previously deployed layered security solution (“defense in depth”) using multiple chained devices with individual bypass switches can no longer be deployed, and a new requirement, achieving high availability of the NGFW itself, is needed.
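To make the failure-mode argument concrete, here is a small added model (not part of the original post) that compares what inspection survives when one box dies in three deployments: a chain of single-function devices each behind its own bypass switch, a single NGFW behind a bypass switch, and an active/standby NGFW pair. The device names and function labels are constructed for the illustration.

```python
from dataclasses import dataclass

# Security functions an inline device provides (constructed labels).
FW, IPS, APPCTL = "firewall", "ips", "app-control"

@dataclass
class Device:
    name: str
    functions: frozenset
    fail_open: bool          # True: bypass switch passes traffic when the box dies
    failed: bool = False

def evaluate_chain(chain):
    """Inline chain where every device sits behind its own bypass switch.

    Returns (traffic_flows, functions_still_inspecting). A fail-closed
    device that dies takes the whole path down; a fail-open one is
    silently bypassed, so only the surviving devices keep inspecting."""
    remaining = set()
    for dev in chain:
        if dev.failed:
            if not dev.fail_open:
                return False, set()
            continue
        remaining |= dev.functions
    return True, remaining

def evaluate_ha_pair(members):
    """Active/standby NGFW pair with no bypass switch: traffic is fully
    inspected as long as at least one member is alive."""
    for dev in members:
        if not dev.failed:
            return True, set(dev.functions)
    return False, set()

def scenarios():
    """Three deployments, each with exactly one device failed."""
    legacy = [Device("fw", frozenset({FW}), True, failed=True),
              Device("ips", frozenset({IPS}), True),
              Device("appctl", frozenset({APPCTL}), True)]
    ngfw = [Device("ngfw", frozenset({FW, IPS, APPCTL}), True, failed=True)]
    ha = [Device("ngfw-a", frozenset({FW, IPS, APPCTL}), False, failed=True),
          Device("ngfw-b", frozenset({FW, IPS, APPCTL}), False)]
    return {"chained+bypass": evaluate_chain(legacy),
            "single ngfw+bypass": evaluate_chain(ngfw),
            "ngfw ha pair": evaluate_ha_pair(ha)}

if __name__ == "__main__":
    for name, (up, funcs) in scenarios().items():
        print(f"{name:20} link up={up!s:5} inspecting={sorted(funcs)}")
```

The single NGFW behind a fail-open bypass keeps the link up with nothing inspecting, which is exactly the gap the HA pair closes.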
Your thoughts?
-- Sharon