Nov 30, 2011

How much better are Next Generation Firewalls (NGFW), and are they a necessary upgrade? And what the heck are tuples!?!

I've read a number of articles about NGFWs, and I still have some questions about how much of a step forward they are. One reason for my head scratching is I still don't really know what "tuples" are despite doing a couple of searches, none of which provided a straightforward explanation of tuples in firewalls. In the end, how much additional protection do NGFWs provide over what we have in the "old generation"?



Nobody should have just a standard firewall any more (aka: a port-based router), nor is there still a real need for discrete solutions. When was the last time you carried around separate GPS, mobile phone, torch, mp3 player and camera? Miniaturisation and Moore’s Law have done for security what they have done for the SmartPhone. Next-Generation Firewalls are just Firewalls with extra features, like Application Control. So are Unified Threat Management appliances. UTM got a bad name early on, because their performance limited them to small businesses and thus a more focused NGFW was born. But there are UTMs on the market today that can do over 10Gbps even with all the tuples turned on!


If it’s all about tuples, then UTM is worth revisiting. Source, destination, port, user, group, time of day, virus, reputation, url filter, spam, application, sensitive data, IPS, APT… That’s a tuple of tuples.



LOL, "tuples".  It is a weird term just seeing it sitting there out of context.  It's kind of a shorthand thing used when talking about firewalls to indicate the number of attributes in a packet that are inspected to decide whether it meets access requirements (such as source and destination IP addresses, TCP, etc.).  A 3-tuple allow rule would inspect 3 attributes, a 5-tuple would inspect 5 attributes and so on.  I never thought about it before, but I guess it is just an easier way of saying something like quintuple or sextuple without having to remember all the specific words.  I think it mainly gets used to make the user sound cool, or at least like they know what they are talking about.
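To make the "N-tuple" idea concrete, here is an added example (not from the answer above, nor from any product): a tiny first-match policy evaluator where each rule inspects N attributes of a flow. The addresses, user names and application labels are constructed, and the "app" attribute stands in for the application identification an NGFW adds on top of the classic 5-tuple.

```python
from dataclasses import dataclass
from typing import Any, Dict, List

# A rule's "tuple" is the set of flow attributes it inspects. Classic 5-tuple:
# src_ip, dst_ip, proto, src_port, dst_port. NGFW-style rules add more elements
# (user, identified application). "*" is a wildcard for "any value".

@dataclass
class Rule:
    name: str
    action: str             # "allow" or "deny"
    match: Dict[str, Any]   # attributes inspected; len(match) == N for an N-tuple rule

def matches(rule: Rule, flow: Dict[str, Any]) -> bool:
    """True if every attribute in the rule's tuple matches the flow."""
    return all(v == "*" or flow.get(k) == v for k, v in rule.match.items())

def evaluate(rules: List[Rule], flow: Dict[str, Any], default: str = "deny") -> str:
    """First-match evaluation with an implicit default deny, as most firewalls do it."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action
    return default

# 3-tuple policy: only addresses and protocol are inspected (any TCP port passes).
three_tuple = [Rule("lan-to-srv", "allow",
                    {"src_ip": "10.0.0.5", "dst_ip": "10.0.1.10", "proto": "tcp"})]
# 5-tuple policy: ports are inspected too, so only traffic to TCP/443 passes.
five_tuple = [Rule("lan-to-srv-https", "allow",
                   {"src_ip": "10.0.0.5", "dst_ip": "10.0.1.10", "proto": "tcp",
                    "src_port": "*", "dst_port": 443})]
# NGFW-style 7-tuple policy: the 5-tuple plus user and identified application.
ngfw = [Rule("alice-web", "allow",
             {"src_ip": "10.0.0.5", "dst_ip": "10.0.1.10", "proto": "tcp",
              "src_port": "*", "dst_port": 443, "user": "alice", "app": "web-browsing"})]

# Constructed sample flows (hypothetical addresses and labels).
https_flow = {"src_ip": "10.0.0.5", "dst_ip": "10.0.1.10", "proto": "tcp",
              "src_port": 51000, "dst_port": 443, "user": "alice", "app": "web-browsing"}
ssh_flow = dict(https_flow, src_port=51001, dst_port=22, app="ssh")
# Same 5-tuple as https_flow, but the NGFW identifies a different application on port 443.
tunnel_flow = dict(https_flow, app="ssh-over-443")

def compare_policies(flow: Dict[str, Any]) -> Dict[str, str]:
    """Show what each policy decides for one flow."""
    return {"3-tuple": evaluate(three_tuple, flow),
            "5-tuple": evaluate(five_tuple, flow),
            "ngfw": evaluate(ngfw, flow)}
```

The SSH flow is allowed by the 3-tuple rule and denied by the 5-tuple rule, while the tunnelled flow on port 443 passes both classic policies and is only caught once the application is part of the tuple.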


NGFWs basically build on what firewalls already do and add to it.  NGFWs are aware of applications, and you can decide to do things like deny or authorize an application's use by specific individuals.  They also allow you to deny access to websites and applications online in compliance with your company policies.  There is also an SSL decrypt that basically secures traffic from your internal user to the firewall, and separately it secures traffic from the internet host and firewall, with plaintext on the firewall - more or less real-time SSL re-encryption.  So they do offer a lot more than existing firewalls, but whether they are worth the additional costs or not depends on what level of control you want to have over your traffic and how much protection you need for your data.


Hi JOiseau,

Here's a good article that covers next gen firewalls and explains what a tuple is. Don't feel bad, I didn't know what it was either. Heh, heh. Now we both know! :)

Next Generation Firewalls: It's all about tuples

I am not sure if next gen firewalls are worth upgrading to or not. I think you will have to make that decision for yourself when you read up on them. Obviously though it probably couldn't hurt to have them in place since they do seem to offer advantages to older firewalls.
