TI Safe

Class | Support & Admin | DL | Hub |


Edge Security

Next Generation Firewalls (NGFW)

The Next Generation Firewall (NGFW - Next Generation Firewall) is an integrated network platform that combines traditional firewall systems (address and port control) with other filtering features, such as deep inspection of application packages and verification of advanced persistent threats (APTs).

These are high-performance systems, also used to analyze traffic encrypted by TLS / SSL, web browsing content, and offer integration with identity systems such as LDAP, RADIUS and Active Directory, in addition to other capabilities.

Figure: Palo Alto Networks Next Generation Firewall


The main characteristics of NGFW are:

  • Application classification: Identifies the application, regardless of the port, encryption (SSL or SSH) or evasive techniques used.

Uses the application, not the port, as the basis for all your decisions about the secure activation policy: allow, deny, schedule, inspect, and apply traffic formatting.
Categorizes unidentified applications for policy control, forensic threat study, or application signature development.

  • Enforce security policies for all users, anywhere: Deploy consistent policies for local and remote users using Windows®, Mac® OS X®, Linux®, Android® or Apple® iOS platforms. Enables agentless integration with Microsoft® ActiveDirectory® and terminal services, LDAP, Novell® eDirectory ™ and Citrix®. Easily integrate your firewall policies with 802.1X wireless, proxies, NAC solutions and any other source of information about the user's identity.
  • Prevention of known and unknown threats: Blocks a range of known threats, including exploits, malware and spyware, on all ports, regardless of the common threat avoidance tactics employed. Limits the unauthorized transfer of confidential files and data and securely enables non-work-related web browsing. Identifies unknown malware, analyzes it based on hundreds of malicious behaviors, then automatically creates and delivers protection.
  • Centralized management: Next Generation Firewall systems must contain the possibility of using centralized management systems to implement policies and manage resources.


Figure: Centralized Management Using the Panorama Console


Unidirectional Security Gateways

Unidirectional security gateways replace firewalls in high security industrial environments, against attacks originating from external networks. The solution works with a pair of devices: a transmission (TX) device, which contains a laser to send data; receiving (RX), which contains an optical receiver.

It is physically impossible to send data back to the transmission device, providing complete security between networks. The systems sold by TI Safe allow the replication of databases, files or even the display of screens for remote support.

Figure: Waterfall solution working architecture