📌  相关文章
📜  传统防火墙与下一代防火墙的区别

📅  最后修改于: 2021-09-15 01:17:05             🧑  作者: Mango

先决条件 – 计算机网络中的防火墙介绍和防火墙的类型

1. 传统防火墙:
传统防火墙是网络安全设备,它通常根据状态、端口和协议对进入或离开网络内部点的网络流量进行状态检查。所以在简单的传统防火墙中主要是控制控制流。它具有虚拟专用网络 (VPN) 功能。但是现在,传统防火墙无法提供所有必需的保护来应对当今发生的如此先进的各种类型的网络威胁。

2. 下一代防火墙:
下一代防火墙是网络安全设备,它不仅通常提供基于状态、端口和协议进入或退出网络内部点的网络流量的状态检查,而且还包括比传统防火墙更多的附加功能。简而言之,下一代防火墙仅称为 NGFW。

下一代防火墙中包含的附加功能如下:

  • 应用感知和控制
  • 集成入侵防御
  • 深度包检测 (DPI)
  • 集成入侵保护系统 (IPS)
  • 云提供的威胁情报
  • 安全套接字层 (SSL) 检查和安全外壳 (SSH) 控制
  • 沙盒集成
  • 启用的保护列表对性能没有影响
  • 高级威胁防护
  • 网页过滤
  • 防病毒、反垃圾邮件、反恶意软件

传统防火墙与下一代防火墙的区别:

S.No. TRADITIONAL FIREWALL NEXT GENERATION FIREWALL
01. Traditional firewall mainly provides stateful inspection of incoming and outgoing network traffic that entering or exiting point inside network. Traditional firewall provides stateful inspection of incoming and outgoing network traffic that entering or exiting point inside network along with many additional features.
02. Traditional firewall is old firewall security system. Next Generation firewall is advanced firewall security system.
03. It provides partial application visibility and application control. It provides fully application visibility and application control.
04. Traditional Firewall works on layer 2 to Layer 4. Next Generation Firewall works on layer 2 to Layer 7.
05. It does not support application level awareness. It supports application level awareness.
06. Reputation and identity services are not supported in it. Reputation and identity services are supported in it.
07. In traditional firewall separately managing security tools is expensive. In next generation firewall it is easy to install and configure integrated security tools and reduces administrative cost.
08. It does not provide complete package of security technologies. It provides complete package of security technologies.
09. Traditional firewall can not decrypt and inspect SSL traffic. Next Generation Firewall can decrypt and inspect SSL traffic in both in and out direction.
10. It supports Network Address Translation(NAT), Port Address Translation (PAT) and Virtual Private Network (VPN). It extends the functionality of Network Address Translation(NAT), Port Address Translation (PAT) and Virtual Private Network (VPN) and makes integration of new threat management technology like sandboxing.
11. Integrated Intrusion Protection System (IPS) and Intrusion Detection System (IDS) are deployed separately. Integrated Intrusion Protection System (IPS) and Intrusion Detection System (IDS) are fully integrated with it.