Zia Networks

Network Security: Stateful vs. Next Generation Firewalls

Network Security: Stateful vs. Next Generation Firewalls

A firewall is something that every business network should have, but are all firewalls created equal? Today we will look at two types: a Stateful firewall, and a Next Generation firewall.


On your business network, information (or data packets) travels back and forth. This information includes email, videos, internet searches, etc. The way this information travels is like a two-way highway; one side traveling from the internet to your local network, and the other side traveling from your network to the internet.

A Stateful Firewall inspects the traffic and data packets traveling to and from your network and filters out anything that can be harmful. It uses a security feature called Stateful packet inspection (SPI) which looks over the data packets in groups instead of individually. It looks for patterns and then decides if they are supposed to be there or not.

One limitation of a Stateful firewall is that it is not setup in a way that examines newer threats.

That is why we highly recommend a Next Generation firewall with a subscription plan. In this option, new vulnerabilities are discovered and added to the firewall every day. This is more important than updating your work station because this is protecting your entire network!


A Next Generation Firewall also filters traffic to protect your network from threats, and it can also detect modern and advanced security threats.

A good way to look at it is through two border patrol checkpoints. The first has one agent (Stateful Firewall), and he checks all the baggage, or information, going through. He tries to inspect items that could be dangerous or harmful to the destination (your local network). He is doing his best, but it is easy for him to miss items because of lack of help and lack of training to spot new threats. In comparison, there is a second checkpoint (Next-Generation Firewall) that has ten well-trained agents and they are able to identify all current and evolving threats.

One well-known company that we trust, FORTINET, has a giant network list of these known and growing threats, and they are saved to the local firewall based on their local criteria.


– Anti-Virus: This protects against the latest viruses and malware, including trojans, worms spyware, and adware. Hackers can use malware to cause data breaches which will expose your private information, and destroy your systems.

– Application Control: This can help the firewall identify and block harmful applications. The administrator also has control over which applications their employees use while on the job.

– Intrusion Prevention: This service looks for weaknesses in the traffic that could allow malicious attacks, or malware in. By having these vulnerabilities in your network, an attacker could gain control of your applications or machines.

– Web Filtering: This service keeps your business from visiting malicious and inappropriate websites, and downloading their harmful content. The administrator can also have control over what websites are allowed in the workplace.

It is important to Zia Networks that our valued customers know about the products we recommend. Is your network secure? Please reach out to Paul@zianetworks.net to find out more.

Share this post