Dos and don'ts for next-gen firewalls

More front-line practicals for choosing and using next-generation firewalls

Plug it in and turn it on? Next-generation firewalls just aren't that simple. Here's advice from the experts on choosing the right device and getting the most out of it.

Also read the companion special report Next-generation firewalls: In depth.

DO understand the new management paradigm. Policies and rules are built around applications and users, not just ports and protocols, and will be tightly tied to business practices—authorized and ad hoc—that are very different. However, once the admins get the knack, rule sets will be more streamlined and specific.

"There's a learning curve; you come to deal with terms that are much more human-understandable, using user names and groups instead of IP addresses," says Oded Gonda, vice president of network security at Check Point. "It requires some patience for people used to working in a very network-centric role."

DO have policies controlling application use. Have at least basic application policies that can be translated into rules that take advantage of next-gen capabilities, rather than simply transferring old rules without regard to what you are now able to do. This enables users to productively use applications that may have been banned or severely restricted.

"Organizations that already have a policy, or goals, or a culture of what they can do, will be much more successful," says Young. "I see a lot of dissatisfaction when organizations don't have those policies, [and they] bring in application control and don't have anything to enforce."
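The two DOs above describe the same shift from two angles: rules keyed on applications and users rather than ports, and business policy translated into those rules. The following is an added example, not code from the article or from any firewall vendor: a small policy evaluator that runs the same constructed traffic flows through a legacy port-based rule set and an application- and user-aware one. Application identification and the user-to-group directory are assumed to be supplied by the firewall's own app-ID and identity integration; here they are hard-coded, constructed values.

```python
"""Toy first-match policy evaluator contrasting port/protocol rules with
application- and user-aware rules. Constructed illustration, not a vendor API."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_user: str   # identity learned from the directory integration (assumed)
    dst_port: int
    proto: str
    app: str        # application as identified by the firewall's app-ID (assumed)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    apps: frozenset = frozenset()      # empty set means "any application"
    groups: frozenset = frozenset()    # empty set means "any user"
    ports: frozenset = frozenset()     # empty set means "any port"


# Constructed user-to-group directory standing in for AD/LDAP lookups.
DIRECTORY = {
    "alice": {"sales"},
    "bob": {"engineering"},
    "carol": {"contractors"},
}


def user_groups(user):
    """Resolve a user name to its group memberships (unknown user -> no groups)."""
    return DIRECTORY.get(user, set())


def rule_matches(rule, flow):
    """A rule matches only if every populated criterion is satisfied."""
    if rule.apps and flow.app not in rule.apps:
        return False
    if rule.ports and flow.dst_port not in rule.ports:
        return False
    if rule.groups and not (rule.groups & user_groups(flow.src_user)):
        return False
    return True


def evaluate(rules, flow, default="deny"):
    """First-match evaluation; returns (action, matching rule name)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.name
    return default, "default"


# Legacy set: port and protocol only. Anything on 443 is "web".
LEGACY_RULES = [
    Rule("allow-web", "allow", ports=frozenset({80, 443})),
    Rule("allow-dns", "allow", ports=frozenset({53})),
]

# Next-gen set: business policy ("sales may use the CRM, engineering may use
# GitHub, nobody uses peer-to-peer") expressed directly as app/user rules.
NEXTGEN_RULES = [
    Rule("no-p2p", "deny", apps=frozenset({"bittorrent"})),
    Rule("sales-crm", "allow", apps=frozenset({"salesforce"}), groups=frozenset({"sales"})),
    Rule("eng-git", "allow", apps=frozenset({"github"}), groups=frozenset({"engineering"})),
    Rule("general-web", "allow", apps=frozenset({"web-browsing", "ssl"})),
]

# Constructed sample flows; all use TCP/443 so the legacy set cannot tell them apart.
SAMPLE_FLOWS = [
    Flow("alice", 443, "tcp", "salesforce"),
    Flow("carol", 443, "tcp", "salesforce"),   # contractor, not in "sales"
    Flow("bob", 443, "tcp", "github"),
    Flow("bob", 443, "tcp", "bittorrent"),     # P2P tunnelled over 443
    Flow("alice", 80, "tcp", "web-browsing"),
]


def compare(flows):
    """Return [(user, app, legacy_action, nextgen_action), ...] for each flow."""
    return [
        (f.src_user, f.app,
         evaluate(LEGACY_RULES, f)[0],
         evaluate(NEXTGEN_RULES, f)[0])
        for f in flows
    ]


if __name__ == "__main__":
    for user, app, legacy, nextgen in compare(SAMPLE_FLOWS):
        print(f"{user:6} {app:13} legacy={legacy:5} next-gen={nextgen}")
```

Run as a script, the output shows the legacy set allowing all four TCP/443 flows, including the tunnelled peer-to-peer traffic, while the next-gen set allows exactly the flows the written policy permits and denies the contractor's CRM session and the peer-to-peer flow. Note that the next-gen rules only work because a written policy existed to translate; without one, as Young's quote warns, there is nothing for application control to enforce.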

