When you think of next-generation firewalls, you probably think they are only used to help secure the network. They have features like user identification, URL filtering, intrusion prevention systems (IPS), malware prevention and application identity and control. All those items are directly related to security and controlling what users and systems can and cannot do, along with preventing attacks on the network.
Offering Added Function
That is all true, of course, but along with those numerous features, a next-generation firewall (NGFW) can also help network administrators build quality of service (QoS) controls. These controls allow businesses to rank and prioritize what traffic is critical and what is not.
QoS is probably not something new to most readers of this blog, especially as it relates to routers and switches. Applications like Voice over IP use QoS to give phone conversations a higher priority than normal network traffic, ensuring that conversations are not interrupted or delayed. But if you are wondering how NGFWs can be used differently than the traditional router, let's look at a real-world example.
Controlling Network Traffic
When March Madness is in full swing, many businesses struggle to combat the loss of productivity and the large amount of network traffic that the basketball tournament creates. Whether you think your business should deny this type of traffic or not, I think most administrators would at least like to put policies in place to make sure that score updates and streaming content are not over-saturating their connections.
Application identity and control can be used to detect this type of activity. Frequently (yearly, in this example), companies like Palo Alto Networks provide custom signature updates for their customers to deploy. The signatures give businesses the tools to identify both the game updates and the streaming video.
With these application signatures, the NGFW can be used to report on the activity, block it outright or apply quality of service and rate limiting to it. The first two options are pretty obvious and probably something you would expect from a security device, but the third provides the flexibility to allow users access to the updates, scores and streaming video without hindering business-critical systems and applications. Tying all of this together with user ID and all the features of next-generation firewalls, both the security and network teams can be confident that they are providing the business and its users with the best service possible.
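The three options above can be modeled in a few lines. This is an added example, not vendor configuration or code from the original post: the application labels, user names, traffic and the 1000 bytes/s limit are all constructed, and the rate limit is implemented as a token-bucket policer that drops excess traffic.

```python
from collections import Counter

class TokenBucket:
    """Policer: refills at `rate` bytes/s up to `burst` bytes; excess is dropped."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0

    def allow(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def make_policy(streaming_action):
    # Hypothetical labels standing in for what application signatures identify.
    bucket = TokenBucket(rate=1000, burst=1000) if streaming_action == "limit" else None
    return {
        "streaming-video": (streaming_action, bucket),
        "score-updates": ("report", None),
    }  # anything else (e.g. "erp") is forwarded untouched

def sample_packets():
    # Constructed traffic: (time_s, user, app, size_bytes) over 10 seconds.
    pkts = []
    for t in range(10):
        pkts += [(t, "alice", "streaming-video", 1000),
                 (t + 0.5, "alice", "streaming-video", 1000),
                 (t, "bob", "score-updates", 100),
                 (t, "carol", "erp", 500)]
    return sorted(pkts, key=lambda p: p[0])

def enforce(policy, packets):
    """Return (bytes forwarded per app, bytes seen per (user, app) for named apps)."""
    forwarded, report = Counter(), Counter()
    for now, user, app, size in packets:
        action, bucket = policy.get(app, ("allow", None))
        if action != "allow":
            report[(user, app)] += size          # every named app is logged per user
        if action == "block" or (action == "limit" and not bucket.allow(now, size)):
            continue                             # dropped
        forwarded[app] += size
    return forwarded, report

if __name__ == "__main__":
    for action in ("report", "block", "limit"):
        fwd, rep = enforce(make_policy(action), sample_packets())
        print(action, dict(fwd), rep[("alice", "streaming-video")])
```

Under "limit" the streaming traffic is cut to the configured rate while the business application's bytes pass unchanged, and the per-user report still records everything that was attempted.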