It's all about widening the 5-tuple
If there is a simple way to describe the difference between a next-generation firewall and a traditional firewall, it is "more detailed controls." In firewall terms, people talk about "widening the 5-tuple."
Firewall managers like to use the term "5-tuple," borrowing "tuple" from the world of databases. The "5-tuple" means the five items (columns) that each rule (row, or tuple) in a firewall policy uses to define whether to block or allow traffic: source and destination IP, source and destination port, and protocol.
For example, to allow traffic to a Web server at 220.127.116.11 from the Internet, a typical 5-tuple would include a source IP and port of "any" (or "*"), a destination IP of 18.104.22.168, destination ports of 80 and 443, and a protocol of TCP, with an action of "allow." There's variation in every firewall on the market, but at the core of every one you'll find a set of rules that look more or less like that: 5-tuples.
Next-generation firewalls "widen" the firewall rule base by adding elements (columns) to each 5-tuple, starting with "application" and "user identity" and perhaps going wider still, factoring in other elements such as "reputation."
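To make the "widening" concrete, here is an added example (my own illustration, not code from the article or from any firewall vendor) of a first-match policy evaluator that matches on the classic 5-tuple and then on two widened columns, application and user identity. The rule names, the `web-browsing`/`ssh`/`ms-rdp` application labels, the user names and the 10.0.0.0/8 and 203.0.113.0/24 addresses are constructed for the example; the 18.104.22.168 web server is the address the article uses. It also shows the failure mode a practitioner cares about: a packet whose application or user has not yet been identified never satisfies a widened rule, and a classic 5-tuple policy (the same rules with the widened ones dropped) cannot tell SSH tunneled over port 443 apart from HTTPS.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple, Union

ANY = "*"  # wildcard for a column, as in the article's "any" / "*"
PortSpec = Union[str, FrozenSet[int]]  # ANY or an explicit set of ports


@dataclass
class Packet:
    """A flow as the firewall sees it: the classic 5-tuple plus the widened columns.
    app/user are None until an inspection or identity engine has filled them in."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str
    app: Optional[str] = None
    user: Optional[str] = None


@dataclass
class Rule:
    """One row of the policy. The first five matching columns are the 5-tuple;
    app and user are the widened columns (None in a rule means 'don't care')."""
    name: str
    action: str  # "allow" or "deny"
    src_ip: str = ANY        # ANY or a CIDR such as "10.0.0.0/8"
    dst_ip: str = ANY
    src_ports: PortSpec = ANY
    dst_ports: PortSpec = ANY
    protocol: str = ANY
    app: Optional[str] = None
    user: Optional[str] = None

    def is_widened(self) -> bool:
        return self.app is not None or self.user is not None

    def matches(self, p: Packet) -> bool:
        if not (_ip_match(self.src_ip, p.src_ip) and _ip_match(self.dst_ip, p.dst_ip)
                and _port_match(self.src_ports, p.src_port)
                and _port_match(self.dst_ports, p.dst_port)
                and (self.protocol == ANY or self.protocol == p.protocol)):
            return False
        # Widened columns: the packet must carry the same identified value.
        # An unidentified packet (None) never matches a rule that names an app or user.
        if self.app is not None and p.app != self.app:
            return False
        if self.user is not None and p.user != self.user:
            return False
        return True


def _ip_match(pattern: str, ip: str) -> bool:
    return pattern == ANY or ip_address(ip) in ip_network(pattern, strict=False)


def _port_match(pattern: PortSpec, port: int) -> bool:
    return pattern == ANY or port in pattern


def evaluate(policy: List[Rule], p: Packet, classic: bool = False) -> Tuple[str, str]:
    """First-match evaluation with an implicit default deny. With classic=True the
    widened rules are dropped, simulating a traditional 5-tuple-only firewall."""
    for rule in policy:
        if classic and rule.is_widened():
            continue
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "default"


# Constructed policy: one widened deny, the article's classic web-server allow,
# and an identity-based allow for an administrative protocol.
POLICY = [
    Rule("block-ssh-over-443", "deny", dst_ip="18.104.22.168/32",
         dst_ports=frozenset({443}), protocol="tcp", app="ssh"),
    Rule("web-server-classic", "allow", dst_ip="18.104.22.168/32",
         dst_ports=frozenset({80, 443}), protocol="tcp"),
    Rule("admin-rdp", "allow", src_ip="10.0.0.0/8", dst_ip="10.0.0.5/32",
         dst_ports=frozenset({3389}), protocol="tcp", user="alice"),
]

if __name__ == "__main__":
    samples = [  # constructed flows
        Packet("203.0.113.7", "18.104.22.168", 51000, 443, "tcp", app="web-browsing"),
        Packet("203.0.113.7", "18.104.22.168", 51001, 443, "tcp", app="ssh"),
        Packet("10.0.0.20", "10.0.0.5", 50000, 3389, "tcp", app="ms-rdp", user="alice"),
        Packet("10.0.0.20", "10.0.0.5", 50001, 3389, "tcp", app="ms-rdp", user="bob"),
    ]
    for pkt in samples:
        print(pkt.app, pkt.user, "widened:", evaluate(POLICY, pkt),
              "classic:", evaluate(POLICY, pkt, classic=True))
```

The ordering matters: the widened deny sits above the classic allow, so the policy only behaves differently from a traditional firewall when the inspection engine has actually labelled the flow as `ssh`. If that engine fails open and leaves `app` as None, the flow drops through to the classic allow, which is why widened rules are only as strong as the identification behind them.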