There is quite a simple way to describe the difference between a traditional firewall and a next-generation firewall: the next generation has more detailed and precise controls. In firewall speak, it is all about *widening the 5-tuple*.
Managers of firewalls just love to use the term *5-tuple*, having borrowed the word *tuple* from the world of databases. However, for those of you who do not get excited about the latest release of World of Warcraft, *five tuples* may mean absolutely nothing. So here is the translation to ‘human speak’ – a 5-tuple is the five columns of a row in a firewall policy, and the values in those five columns decide whether traffic is allowed or blocked: source IP, destination IP, source port, destination port, and protocol. If you still do not understand, do not worry. I assure you, you will never need to deal with this yourself; that is why the Geeks are here.
To show you what I mean: to allow traffic to a web server at 1.2.3.4 from the Internet, a typical 5-tuple would include a source IP and port of “any” (or “*”), a destination IP of 1.2.3.4, destination ports of 80 and 443, and a protocol of TCP, with an action of “allow.” The details vary from one firewall on the market to another, but at the core of every one of them you’ll find a set of rules that look more or less like that: 5-tuples.
Next-generation firewalls simply “widen” the firewall rule base by adding extra elements, or columns, to each 5-tuple, starting with *user identity* and *application* and perhaps going wider still, factoring in other elements such as *reputation*. This is very wonderful if you know how firewalls work. And if you do not, it simply means the firewall is better at doing its job – protecting your business, your data and perhaps your memories.
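To make the “widening” concrete, here is a small rule evaluator added as an illustration (it is not code from the original post or from any firewall vendor). It takes the post’s example rule for 1.2.3.4 on TCP 80/443 and adds *user* and *application* columns; the policy, packet values and application names are constructed for the example.

```python
from dataclasses import dataclass
ANY = "*"  # the "any" / "*" wildcard from the post's example rule

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    user: str = ""  # extra columns only a next-gen firewall learns; "" = unknown
    app: str = ""

@dataclass(frozen=True)
class Rule:
    # Each value is "*" or a comma-separated list such as "80,443"
    src_ip: str = ANY
    src_port: str = ANY
    dst_ip: str = ANY
    dst_port: str = ANY
    proto: str = ANY
    user: str = ANY  # widened columns; a classic firewall ignores them
    app: str = ANY
    action: str = "allow"

def _match(rule_value: str, packet_value) -> bool:
    return rule_value == ANY or str(packet_value) in {v.strip() for v in rule_value.split(",")}

def matches(rule: Rule, pkt: Packet, next_gen: bool) -> bool:
    five_tuple = (_match(rule.src_ip, pkt.src_ip) and _match(rule.src_port, pkt.src_port)
                  and _match(rule.dst_ip, pkt.dst_ip) and _match(rule.dst_port, pkt.dst_port)
                  and _match(rule.proto, pkt.proto))
    if not next_gen:
        return five_tuple  # classic firewall: the 5-tuple is the whole decision
    return five_tuple and _match(rule.user, pkt.user) and _match(rule.app, pkt.app)

def evaluate(policy, pkt: Packet, next_gen: bool = False) -> str:
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for rule in policy:
        if matches(rule, pkt, next_gen):
            return rule.action
    return "deny"

# Constructed policy: the post's rule (any -> 1.2.3.4 tcp/80,443 allow),
# widened with an application column so only identified web traffic qualifies.
POLICY = [Rule(dst_ip="1.2.3.4", dst_port="80,443", proto="tcp", app="web-browsing")]

# Constructed flows: identical at the 5-tuple level, different once app is known.
WEB = Packet("203.0.113.7", 51515, "1.2.3.4", 443, "tcp", user="alice", app="web-browsing")
NOT_WEB = Packet("203.0.113.7", 51516, "1.2.3.4", 443, "tcp", user="alice", app="ssh")
```

Evaluated as a classic firewall, both flows are allowed because the 5-tuple is all it can see; with `next_gen=True` the non-web flow on port 443 is denied, which is exactly the extra precision the wider tuple buys.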
Over and out
MobileGeekette