Know your gear
Firewalls are the cornerstone of network security. As Firewalls which will be deployed at critical choke- points in the network, the stability and reliability of an NGFW (Next Generation Firewall) is imperative. Therefore prime directive of any NGFW is that it must be as stable, as reliable, as fast, and as flexible as the existing firewall that it is replacing.
In addition, an NGFW must provide granular control based upon applications, not just ports. The capability is needed to re-establish a secure perimeter where unwanted applications are not able to tunnel over HTTP or HTTPS. As such, granular application control is a requirement of NGFW since it enables the administrator to define security policies based upon applications vs. ports. For example, the administrator could block all Skype traffic while allowing Twitter apps.
In addition, an NGFW must provide granular control based upon applications, not just ports. The capability is needed to re-establish a secure perimeter where unwanted applications are not able to tunnel over HTTP or HTTPS. As such, granular application control is a requirement of NGFW since it enables the administrator to define security policies based upon applications vs. ports. For example, the administrator could block all Skype traffic while allowing Twitter apps.