A next-generation firewall (NGFW) is a hardware- or software-based network security system that is able to detect and block sophisticated attacks by enforcing security policies at the application level, as well as at the port and protocol level. Next-generation firewalls combine the capabilities of additional features compared to traditionally firewall. NGFW includes intrusion prevention, SSL and SSH inspection, deep-packet inspection and reputation-based malware detection as well as evolving sophistication of applications. The application-specific capabilities are meant to thwart the growing number of application attacks taking place on layers 4-7 of the OSI network stack. An NGFW will act more like passport control and customs combined, inspecting not just where traffic has come from and where it’s going but also what the packet of data actually contains.