the aspectra blog IT know-how & more, since 2012

NGFW: Taking Network Security to the Next Level

A new generation of firewalls has been in operation at aspectra since July. With the powerful Next Generation Firewalls from Fortinet we have further strengthened our first line of defense. All our customers benefit from this.

Firewalls form the critical first line of defense for high-security and high-availability operations, and we are constantly on the lookout for ways to strengthen our capabilities. In July, our network security team successfully completed the migration to the Next Generation Firewall (NGFW) FortiGate. With Fortinet, we made a conscious decision to choose a renowned one-stop provider that supplies certified hardware as well as software. This ensures optimal integration of both elements. Additionally, the hardware is purpose-built for firewalling, which leads to higher performance, capacity and security for our customers.

Tried and tested

As the name suggests, NGFWs are advanced versions of the traditional firewall. They offer the same advantages: NGFWs, too, make use of both static and dynamic packet filtering to ensure that all connections between network, Internet and firewall are valid and secure. Both firewall types are capable of translating network and port addresses. Redundancy and load balancing (in clusters) remain a top priority for the next generation as well.

Advanced threat prevention 

The fundamental difference between the two generations is the ability to filter packets according to the application. The NGFW has comprehensive control and visibility of applications, which it can identify by means of analysis and signature matching. NGFWs are able to block malware more effectively and to better monitor and fend off Advanced Persistent Threats (APTs).
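The difference described above, as an added illustration (not aspectra's or Fortinet's code): a port-only rule next to a rule that identifies the application from the first payload bytes of a connection. The signatures, policy sets and sample packets are simplified and constructed for this example; a production engine is far more elaborate.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    """Constructed model: destination port plus the first payload bytes of a flow."""
    dst_port: int
    payload: bytes

# Traditional rule: the decision depends on the destination port only.
ALLOWED_PORTS = {80, 443}

def port_filter(pkt: Packet) -> str:
    return "allow" if pkt.dst_port in ALLOWED_PORTS else "deny"

# Hypothetical application signatures, matched against the start of the payload.
SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    # TLS record: handshake (0x16), version 3.x, 2-byte length, ClientHello (0x01)
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.DOTALL)),
    ("ssh", re.compile(rb"^SSH-2\.0-")),
]

def identify_app(payload: bytes) -> str:
    for name, sig in SIGNATURES:
        if sig.match(payload):
            return name
    return "unknown"

# Application-aware rule: the decision depends on what the traffic actually is.
ALLOWED_APPS = {"http", "tls"}

def app_filter(pkt: Packet) -> str:
    return "allow" if identify_app(pkt.payload) in ALLOWED_APPS else "deny"

# Constructed sample traffic (not captured from any real network).
SAMPLES = {
    "http_on_80": Packet(80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "ssh_on_443": Packet(443, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "http_on_8080": Packet(8080, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "tls_on_443": Packet(443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
}

def compare() -> dict:
    """Return {sample: (port-based verdict, application-based verdict)}."""
    return {name: (port_filter(p), app_filter(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (by_port, by_app) in compare().items():
        print(f"{name:13} port-based={by_port:5} app-based={by_app}")
```

The SSH session on port 443 passes the port-only rule but is denied once the traffic is identified by its content, which is the visibility gap application filtering closes.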

Designed to meet additional requirements

With Fortinet's NGFWs, we are able to offer our customers a range of additional functions for Unified Threat Management (UTM). Two features are particularly noteworthy: 

  1. The FortiGate Intrusion Prevention System (IPS) protects the network with intelligent threat detection engines against attempts to exploit vulnerabilities in the system. 
  2. Data Loss Prevention (DLP) allows for the dynamic definition of sensitive data and enables the FortiGate unit to prevent such information from being extracted from its network, thus preventing data breaches. (What Is DLP?)

We are pleased to further increase network security for existing and future customers with our Next Generation Firewalls. We are happy to advise you on the Unified Threat Management features.

Facts & Figures

In operation: Four clusters of two FortiGate units (Active/Standby)
Managed by: terreActive in Segregation of Duty
Migration period: 8 months, completed July 2020
Concurrent Sessions/Cluster (TCP): 8'000'000
New Sessions/Second (TCP): 300'000
Firewall Throughput (packets per second): 33 Mpps

