Next-generation firewalls go beyond filtering traffic on port 80 or 443: they deliver more control by letting you filter by application type and user identity, alongside all the other features that are being built into one box. With this added policy granularity you can define what each group of users can do with a particular application, which allows for better security and ultimately a business advantage (e.g. the marketing team needs to be able to post to Facebook, but a developer does not).
But more granular control also brings more complexity, and with it a greater opportunity for misconfigured firewalls. According to a recent Gartner report, 95% of firewall breaches are due to misconfigurations, as opposed to flaws in the firewalls. If policies are set at the application level, you must understand each application, its business value to different users and any potential risks that come with it.
Some questions to think about before leveraging the application and user-aware policies available to you in a next-gen firewall include:
Read more: http://www.securityweek.com/six-tips-managing-your-next-generation-firewall-policies