Image depicting next generation security
Glyn Miles, Link-Connect Sales Director, looks at five ways a next generation firewall can offer so much more than advanced security protection. How does your firewall measure up?
1) Guarantee your up time via Active-Active Load Balancing

A next generation firewall (NGF) can load balance multiple circuits, irrespective of the methodology, presenting the full bandwidth capability to the business.

Link-Connect regularly combines Ethernet, EFM, ADSL, FTTC and mobile data services to mitigate service interruption and ensure business continuity for our customers.  

The combination of delivery methods and/or underlying carriers removes the reliance on a single circuit and insulates the end user from local or carrier issues. With all circuits in use, there is a maximum return on expenditure, an efficient allocation of resources and the end user expectations are met. By leveraging a multi-link capability this can extend to VPN sessions, which remain operational in the event of a circuit outage.

High availability is a must for most businesses. Alongside the capability to spread the risk across multiple circuits or delivery mechanisms, the next generation firewall can also be clustered to add a further layer of resilience at the firewall layer. Similar to the circuits, clustered firewalls are configured to provide active-active load balancing with each firewall, capable of supporting the network demands in the event of an outage. This provides the customer with further comfort and assured service availability. Clustering also enables firmware updates with no interruption in service, with each node being capable of being upgraded and tested during normal business hours.

2) Prioritise the most critical data via Dynamic Quality of Service

A next generation security solution is ‘application aware’ and capable of dynamically recognising business critical applications and safeguarding the bandwidth requirement to optimise business performance.  Conversely, when instructed, the platform can identify applications that are not essential to the business and apply the preset rules agreed by the customer. This is a conundrum for most business, which has been compounded by the proliferation of personal mobile phones or tablets in the workplace and the demand on the company network for general Internet access.

Rather than the blanket rule-set provided by a standard Class of Service (Cos) policy, the Quality of Service is entirely bespoke.  This means it can be tailored to support the particular nuance and/or business practice of each customer.

For instance, a rigid policy to ring-fence bandwidth for VoIP is useless when the office is closed, because no calls are being made. However, at this time the nightly back up schedule may be struggling to complete before morning.

3) Maximise your return on investment via Granular Knowledge and Control

The detail provided by the next generation firewall in terms of network use, bandwidth consumption and personal online activity adds significant value to any business.

Granted a generic report of bandwidth utilisation has some value. However, its limited depth can often result in further capacity being purchased. But, when the application, destination IP, user name, group and time of day are also included, the reports become very powerful.

The detailed information means businesses can defer further investment in bandwidth. At the same time it lifts the lid on personal and/or departmental productivity and business resource management.

It is no longer valid to apply the same rules or principles to the business when considering network activity. Some social media applications for example, are now being embraced by businesses as legitimate profit centres.  Marketing, public relations, HR and sales for example are leveraging the platform presented by the likes of Facebook or Youtube. Nonetheless, unfettered access across the wider business could impact on daily operations management and network capacity. Put simply, you can see exactly who is going where and when, which empowers you to respond to change quickly.

4) Stay ahead of the bad guys via Next Generation Security

A NGF is capable of Deep Packet Inspection (DPI) and interrogates all network transit for exploit signatures, payload manipulation and Advanced Evasion Techniques (AETs).

The advent of Web 2.0 applications heralded a new challenge for network defence.  This means standard port based rules from traditional or first generation firewalls have been rendered obsolete. Known as greyware these applications (e.g. Skype, Facebook, Twitter and LinkedIn) are port agnostic and maintain a constant connection to the client throughout the session and present exponential opportunities for the delivery of malicious content.

In trained hands, the next generation firewall remains in lock step with the advancements in exploit delivery.

With the Internet of Things (IoT) on the near horizon, the perpetually open door to the public domain demands intuitive protection and a comprehensive security strategy.

5) Simplify management via Unified Threat Management

A NGF can dovetail with other solutions to provide comprehensive protection from all aspects on modern network transactions.

All businesses are subjected to an increasing risk from every aspect of online activity from general web browsing including unknown or uncategorized URLs with the potential of embedded code to email including unsolicited email and phishing attempts.  Although end user awareness is advancing, it is sadly not at the same rate as the sophistication, belligerence and automation applied by the attacker.

Ransomware attacks have seen a significant increase in the last few years and have presented a real challenge with potentially irretrievable results.

The holistic approach to network security delivered by NGF advances our customers to a stronger position enabling them to withstand the changes in the security landscape.

Link-Connect is a trusted Forcepoint partner.  If you already use their next generation firewall we can help you to realise its true value.  If you are relying on firewall technology that does not deliver the above 5 key requirements then we would like to show you the power of the Forcepoint Stonegate NGF.

Read more about our WAN, Security, Cloud and VoIP expertise here.

Please call Andy, Peter or myself on 01252 740800 or send an email to for more information.