Is Astaro considered a "Next Generation firewall" ? look at these attributes that are needed in the Next generation firewall Application Identification: The firewall must be able use deep packet inspection to look beyond the IP header 5- tuple into the payload of the packet to find application identifiers Extended Stateful Inspection: By tracking application sessions beyond the point where dynamic ports are selected, the firewall will have the ability to support the detection of application-level anomalies that signify intrusions or policy violations SSL Decryption/Re-encryption: The firewall will need the ability to decrypt SSL-encrypted payloads to look for application identifiers/signatures Control: Traditional firewalls work on a simple deny/allow model. In this model, everyone can access an application that is deemed to be good. Analogously, nobody can access an application that is deemed to be bad. This model had more validity at a time when applications were monolithic in design and before the Internet made a wide variety of applications available. Today’s reality is that an application that might be bad for one organization might well be good for another. On an even more granular level, an application that might be bad for one part of an organization might be good for other parts of the organization. Also, given today’s complex applications, a component of an application might be bad for one part of an organization but that same component might well be good for other parts of the organization. Multi-gigabit Throughput: In order to be deployed in-line as an internal firewall on the LAN or as an Internet firewall for high speed access lines, the next generation firewall will need to perform the above functions at multigigabit speeds. please check the attached file for more information

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Next Generation Firewall !!

Is Astaro considered a "Next Generation firewall" ?
look at these attributes that are needed in the Next generation firewall

Extended Stateful Inspection: By tracking application sessions beyond the point where dynamic ports are selected, the firewall will have the ability to support the detection of application-level anomalies that signify intrusions or policy violations
SSL Decryption/Re-encryption: The firewall will need the ability to decrypt SSL-encrypted payloads to look for application identifiers/signatures
Control: Traditional firewalls work on a simple deny/allow model. In this model, everyone can access an application that is deemed to be good. Analogously, nobody can access an application that is deemed to be bad. This model had more validity at a time when applications were monolithic in design and before the Internet made a wide variety of applications available. Today’s reality is that an application that might be bad for one organization might well be good for another. On an even more granular level, an application that might be bad for one part of an organization might be good for other parts of the organization. Also, given today’s complex applications, a component of an application might be bad for one part of an organization but that same component might well be good for other parts of the organization.
Multi-gigabit Throughput: In order to be deployed in-line as an internal firewall on the LAN or as an Internet firewall for high speed access lines, the next generation firewall will need to perform the above functions at multigigabit speeds.

please check the attached file for more information

This thread was automatically locked due to age.

Parents

Reply

Children

No Data