Difference: Stateful Firewall vs NGFW vs UTM

Today I am going to talk about the differences between three security terms that almost everyone has heard of. I know many of you already know and understand the difference. Let me start with the firewall.

What is a Firewall?
In typical security terms, a firewall is software or hardware with a set of rules that define which traffic is allowed or denied. In other words, a firewall is a way to filter traffic.

Now the question is: what kind of traffic are we trying to filter here?
Well, a hardware firewall is the defensive wall that filters malicious packets or traffic coming from the internet or from within the internal network.

What are Stateful Firewalls?
Stateful firewalls can watch traffic streams from end to end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption.

Fig 1.1- Stateful Firewalls
Stateful firewalls can tell what stage a TCP connection is in (open, open sent, synchronized, synchronization acknowledge or established). They can also tell whether the MTU has changed and whether packets have been fragmented.

In simpler words, a stateful firewall is aware of the connections that pass through it. It adds and maintains information about a user's connections in a state table, referred to as a connection table. It then uses this connection table to implement the security policies for users' connections. Examples of stateful firewalls are PIX, Cisco ASA and Checkpoint.

Stateless firewalls, by contrast, do not look at the state of connections but only at the packets themselves. An example of a packet filtering firewall is the Extended Access Control Lists on Cisco IOS routers.
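To make the contrast concrete, here is an added example (not from the original post and not any vendor's implementation) that runs the same packets through a per-packet filter and through a firewall that keeps a connection table. The inside prefix, the port 443 policy, the state names and the class and function names are assumptions chosen for illustration, and the model skips sequence-number checks and timeouts.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."  # constructed inside-network prefix (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})

def stateless_acl(p):
    """Packet filter: judges each packet alone and keeps no memory."""
    if p.src.startswith(INSIDE):
        return p.dport == 443        # outbound HTTPS
    return p.sport == 443            # "return traffic" rule, matched on port only

class StatefulFirewall:
    """Tracks each TCP connection in a connection table."""
    # (current state, direction, flags) -> next state
    STEPS = {
        ("SYN_SENT", "in", frozenset({"SYN", "ACK"})): "SYN_RCVD",
        ("SYN_RCVD", "out", frozenset({"ACK"})): "ESTABLISHED",
    }

    def __init__(self):
        self.table = {}  # (inside ip, port, outside ip, port) -> state

    def allow(self, p):
        outbound = p.src.startswith(INSIDE)
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN to an allowed port may create an entry.
            if outbound and p.flags == {"SYN"} and p.dport == 443:
                self.table[key] = "SYN_SENT"
                return True
            return False
        if state == "ESTABLISHED":
            if p.flags & {"FIN", "RST"}:
                del self.table[key]  # simplified teardown: drop the entry at once
            return True
        nxt = self.STEPS.get((state, "out" if outbound else "in", p.flags))
        if nxt is None:
            return False             # packet does not fit the handshake
        self.table[key] = nxt
        return True
```

An inbound ACK from source port 443 that belongs to no connection passes `stateless_acl` but is refused by `StatefulFirewall.allow` until the inside host has completed a handshake with that peer.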

What is NGFW, the so-called Next Generation Firewall?
The approach to firewalls has now changed: given the current state of the network world, the firewall has to be more intelligent and work smartly. Policy today is based no longer on IP but on application awareness.

So an NGFW is a next-generation firewall with multi-tasking, application awareness and threat protection, which includes malware protection with URL filtering capabilities. Next-generation firewalls (NGFWs) come with advanced technologies that promise deeper inspection capabilities and better control over individual applications in a network.

Fig 1.2- NGFW Firewalls 
Gartner came up with the concept of the NGFW, saying that the stateful firewall era is over and that a firewall should now have capabilities like IPS, malware protection and threat protection alongside basic firewall features. Many vendors are in the NGFW race as of now, including Palo Alto and Cisco NGFW.

What is UTM - Unified Threat Management?
Well, a UTM has more functionality than a firewall. As you know, a firewall is mainly concerned with the flow of data packets, but a UTM appliance gives you a more diverse range of functions. A UTM appliance is capable of balancing the load in a network, and it can prevent any sort of data leaks that might occur.

It provides a gateway antivirus solution, network intrusion prevention and on-appliance reporting. With the help of a UTM, you can prevent spam and phishing attacks.

Fig 1.3- UTM-Unified Threat Management
The market for UTM appliances has well exceeded the billion-dollar mark and now sits pretty at a very lofty perch. Rather than installing a number of different security systems to provide a range of different options, most companies and organizations generally prefer to make use of a UTM appliance, which provides them with complete protection against a host of incoming threats, including spam, in one small, discrete package.