In this article

Welcome to this continued topic on NGFWs. Hopefully, you read my previous article "What is a Next-Generation Firewall (NGFW)?" If so, this article should help you when preparing to select a NGFW. What topics should be considered when evaluating and selecting a NGFW?

Many IT leaders look at technical NGFW capabilities alone during the selection process. However, we are seeing the NGFW becoming more of a central point of visibility for a platform versus the stand-alone device or cluster.

Understanding the NGFW platform

This might be a good point to define the term "platform" for clarity. defines a technology related platform as "a group of technologies that are used as a base upon which other applications, processes or technologies are developed.  In personal computing, the platform is the hardware (computer) and the software (operating system) on which applications can be run."

The NGFW platform is growing each year and many NGFW original equipment manufacturers (OEMs) now call the collection of solutions built on the platform "an ecosystem." The ecosystem components vary by OEM; however, the components can include third-party partner applications/cloud services, customer applications that leverage software development kits (SDKs) and OEM-developed solutions.

Therefore, I would like to explain why looking at the "bigger picture" when selecting an NGFW platform is very important. Next, I will discuss the various components of the NGFW platform (or ecosystem) and why it might be a part of your NGFW decision.

Endpoint security software

The term "endpoint" should be understood as security software that runs on the computer, laptop, tablet or other device that helps protect it from security threats. The endpoint protection solution can come in many "flavors" of protection. Terms like Endpoint Detection and Response (EDR) and Endpoint Protection Platform (EPP) are some "flavors" of endpoint protection.

The significance of considering the endpoint when selecting an NGFW has to do with integration. It is optimal that the endpoint works with the NFGW sharing information and is managed using as integrated management console.

Make sure the NGFW you choose works with your current endpoint protection solution or the one you plan to select in the future.

Threat intelligence

Threat intelligence is new to the NGFW platform and one of my favorite areas. This area can get quite complex, but the basic ideas is that threat intelligence helps the NGFW work smarter without you working harder. A threat intelligence feed helps the NGFW platform, including all the integrated components, get up-to-date threat information with the optimal methods of protecting against the threat. Think of this as up to the second news about the "bad things" on the internet, detecting them and then defending against them.

It is important that any NGFW you choose has one or more threat feed options!

Branch office(s)

Are you thinking, "Why would you consider a branch office when considering an NGFW?" If so, let me explain.

Organizations today have more than one location where business is conducted. Furthermore, we realize that the "branch office" has many different titles and functions. The term "branch office" can mean a store, physician office, warehouse or other remote office. Additionally, these branch offices are often acquisitions, divestitures or possibly development environments.

The chosen NGFW should be replicated to the branch offices. However, size and price options need to be considered. Branch offices can be small with less than 10 people or they can be large with more than 1,000 people. One-size-NGFW does not fit all locations. Furthermore, the branch NGFW(s) should be integrated into the same management console as the main NGFW.

Make sure the NGFW you choose has a good range of sizes to fit all branch offices. Also, make sure the price point per NGFW size is reasonable. Lastly, NGFWs need connectivity to integrate and update. Why spend a fortune on that wide area network (WAN) using only private circuits if it isn't necessary. Hint, hint: software-defined wide-area network.

Software-defined wide-area network (SD-WAN)

First, let's go through a basic overview. SD-WAN involves managing the WAN routers from a controller, or creating the "brains" of the network, so that potentially thousands of routers can be managed from a central portal.

In addition to simplified management, SD-WAN also provides the ability to run over any network medium (such as copper, fiber or LTE) and any type of service provider connection (Direct Internet, MPLS, etc.). The key to an SD-WAN solution is that the secure network is easily managed from a central controller. Network administrators can now build policies and seamlessly push them to every device at once, which greatly simplifies IT management.

SD-WAN is a very exciting technology that can save money, decrease down-time and integrate security if done thoughtfully. But what does SD-WAN have to do with selecting an NGFW?

OEMs have SD-WAN solutions that work with the NGFW platform and integrate security! If SD-WAN is an interest (and it should be if you use a private circuit WAN today), make sure the NGFW platform you choose has SD-WAN built in or will integrate. The key element is to verify that the SD-WAN solution works directly with the NGFW and integrates into the security feature set.


Everywhere we turn the phrase "in the cloud" is used. Why would cloud be a consideration when selecting an NGFW?

If the organization is planning to move infrastructure components (i.e. servers, storage, etc.) or applications to the cloud (e.g. AWS, Google, Azure) then you want to consider the cloud solutions the NGFW platform OEM provides or integrates.

Why manage cloud controls separately from an NGFW platform if you don't have to? Fewer administrative widgets to learn, manage and monitor.


The NGFW is a platform or an ecosystem that is growing. Integration saves time and money. Additionally, an integrated environment provides much more visibility and control.

We can no longer just look at NGFW features to make an informed buying decision. Instead, we must consider an NGFW platform based on components of an enterprise IT environment in use today or planned to be used in the future, including:

  • Endpoint security software.
  • Threat intelligence.
  • Branch locations.
  • SD-WAN.
  • Cloud environment.

Our goal is to help your organization select an NGFW platform that brings the broadest integration and delivers the most comprehensive visibility and control.  Contact your WWT account manager and schedule a NGFW Workshop today. Let our NGFW experts help your organization make a more informed decision.