
What is a next-generation firewall?

It's all about widening the 5-tuple

By , Network World
August 22, 2011 12:06 AM ET

Network World - If there is a simple way to describe the difference between a next-generation firewall and a traditional firewall, it is "more detailed controls." In firewall terms, people talk about "widening the 5-tuple."


Firewall managers like to use the term "5-tuple," borrowing "tuple" from the world of databases. The "5-tuple" means the five items (columns) that each rule (row, or tuple) in a firewall policy uses to define whether to block or allow traffic: source and destination IP, source and destination port, and protocol.

For example, to allow traffic to a Web server at 1.2.3.4 from the Internet, a typical 5-tuple would include a source IP and port of "any" (or "*"), a destination IP of 1.2.3.4, destination ports of 80 and 443, and a protocol of TCP — with an action of "allow." There is variation in every firewall on the market, but at the core of every one you will find a set of rules that look more or less like that: 5-tuples.

Next-generation firewalls "widen" the firewall rule base by adding elements (columns) to each 5-tuple, starting with "application" and "user identity" and perhaps going wider still, factoring in other elements such as "reputation."
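As an added illustration (not from the article), the following Python evaluates flows against a classic 5-tuple rule base and then against the same rule base "widened" with application and user columns. Addresses, ports, user names and application labels are constructed placeholders; the point is that a flow the 5-tuple rule allows purely because it is TCP/443 to the web server can be told apart once the application column is consulted.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "*"  # wildcard, as in the article's "any" / "*"


@dataclass
class Rule:
    # Classic 5-tuple columns: src IP, src port, dst IP, dst port, protocol
    src_ip: str = ANY
    src_port: str = ANY
    dst_ip: str = ANY
    dst_port: str = ANY
    proto: str = ANY
    # Widened (next-generation) columns; ANY means the column is unused
    app: str = ANY
    user: str = ANY
    action: str = "deny"


def _match_ip(pattern, value):
    return pattern == ANY or ip_address(value) in ip_network(pattern, strict=False)


def _match_port(pattern, value):
    # "80,443" style lists are allowed in the port columns
    return pattern == ANY or value in {int(p) for p in pattern.split(",")}


def _match_str(pattern, value):
    return pattern == ANY or pattern == value


def matches(rule, flow):
    return (_match_ip(rule.src_ip, flow["src_ip"]) and _match_port(rule.src_port, flow["src_port"])
            and _match_ip(rule.dst_ip, flow["dst_ip"]) and _match_port(rule.dst_port, flow["dst_port"])
            and _match_str(rule.proto, flow["proto"])
            and _match_str(rule.app, flow.get("app", "unknown"))    # app identified by the firewall
            and _match_str(rule.user, flow.get("user", "unknown")))  # user from the identity source


def evaluate(policy, flow, default="deny"):
    # First-match semantics with an implicit final deny, as in most rule bases
    return next((r.action for r in policy if matches(r, flow)), default)


# The article's web-server rule as a plain 5-tuple
TRADITIONAL = [Rule(dst_ip="1.2.3.4", dst_port="80,443", proto="tcp", action="allow")]
# Same rule widened: only the "web-browsing" application may use those ports
NEXTGEN = [Rule(dst_ip="1.2.3.4", dst_port="80,443", proto="tcp", app="web-browsing", action="allow")]

# Constructed sample flows (documentation-range source address)
WEB_FLOW = {"src_ip": "203.0.113.5", "src_port": 51234, "dst_ip": "1.2.3.4", "dst_port": 443,
            "proto": "tcp", "app": "web-browsing", "user": "alice"}
OTHER_APP_FLOW = dict(WEB_FLOW, app="ssh")  # some non-web application seen on port 443
```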
