Next Generation Firewalls (NGFW) can determine which application is running on which port and monitor the traffic from network layer to application layer to determine the type of traffic being sent and received
Next-Gen Firewalls can track the identity of local traffic devices and users by using existing enterprise authentication systems
Where traditional firewalls only tracked from network to transport layer, NGFWs can track from network all the way to application layer, allowing for greater control while enabling admins to implement granular user policies
Next-Gen can be transitioned into fully replacing the traditional firewall by being converted to use either Bridged or Routed mode
The XG Firewall Xstream architecture is engineered to deliver extreme levels of visibility, protection, and performance to help address some of the greatest challenges facing network administrators today.
Expose hidden risks:
Superior visibility into unknown applications, risky activity, suspicious traffic, and advanced threats help you regain control of your network and get deeper insights.
Block unknown threats:
Powerful next-gen protection technology like deep learning intrusion prevention keeps your organisation secure from the latest cyber threats.
Automatically respond to incidents:
Synchronized security and automatic threat response instantly identifies, and isolates compromised systems on your network to prevent breaches.
Xstream SSL Inspection
According to the latest statistics, approximately 80% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organisations are simply not using SSL inspection. Network administrators’ main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience. XG Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection whilst maintaining performance efficiency.
Xstream DPI Engine
We believe you should never have to decide between security and performance. XG Firewall includes a high-speed Deep Packet Inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiently. XG Firewall provides robust deep packet threat protection in a single streaming engine for AV, IPS, Web, App control and SSL inspection.
Xstream Network Flow FastPath
Traffic which is known to be secure can be offloaded to the Xstream Network Flow FastPath. This accelerated path for trusted traffic boosts performance dramatically by freeing up resources from unnecessary traffic inspection tasks. This is particularly important for voice and video applications which are sensitive to latency and so can quickly lead to a degradation of the user experience. XG Firewall includes automatic and policy-based intelligent offloading for trusted traffic processing at wire speed