What Are the Real Benefits of Next-Gen Firewalls?

Asked By TechWhiz42 On

Hey everyone! I'm curious about the various uses of firewalls beyond just NAT, ACLs, and routing. Personally, I use them for things like DHCP, NTP, block list imports, DNSMasq, site-to-site VPN, captive portals, and log delivery to a remote server. I'm steering clear of deep packet inspection, WPAD configuration, IDS, and DNS-based content filters since I manage those elsewhere. With all the hype around Next-Generation Firewalls (NGFW), I'm wondering what real benefits they offer, especially beyond just application-aware rules based on DNS or IP blocks. I'm excluding data loss prevention from this discussion since I see that as a separate issue. I'd love your insights on this, as I'm looking for a personal/professional reality check—feel free to be honest!

1 Answer

Answered By CyberSleuth99 On

If you're not decrypting your traffic or doing DNS-aware blocking, you might miss a lot of what your internal systems are sending out over HTTPS. Application-aware rules can help with identifying those patterns, including TLS DNS, which could ensure you're only using authorized DNS services. It sounds like you may have overlooked some of their more critical functions simply because of your setup.

RealityCheck101 -

Thanks for your input! I have used these features before, but maybe my cost-benefit analysis was off. With HSTS becoming common, unwrapping and re-signing traffic started to feel like a time sink, but I see your point.
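
To illustrate the answer's point about allowing only authorized DNS services, here is an added example that is not part of the thread or written by any poster. It checks firewall flow records for plain DNS, DNS over TLS, and DNS over HTTPS going to resolvers outside an allow list. The log layout, field names, internal resolver address, and sample records are assumptions constructed for the illustration.

```python
import ipaddress

# Assumptions (not from the thread): resolver address, log layout, field names.
AUTHORIZED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
# Hostnames of well-known public DoH endpoints, matched against the TLS SNI.
DOH_SNI = {"dns.google", "cloudflare-dns.com",
           "mozilla.cloudflare-dns.com", "dns.quad9.net"}

# Constructed sample flow records, as a firewall might ship to a remote log server.
SAMPLE_LOG = """\
src=10.0.1.20 dst=10.0.0.53 dport=53 proto=udp sni=-
src=10.0.1.21 dst=8.8.8.8 dport=53 proto=udp sni=-
src=10.0.1.22 dst=1.1.1.1 dport=853 proto=tcp sni=one.one.one.one
src=10.0.1.23 dst=8.8.4.4 dport=443 proto=tcp sni=dns.google
src=10.0.1.24 dst=203.0.113.10 dport=443 proto=tcp sni=example.com
src=10.0.1.25 dst=10.0.0.53 dport=853 proto=tcp sni=-
"""

def parse(line):
    """Split one key=value record into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def classify(rec):
    """Return a reason string if the flow is DNS to an unauthorized resolver."""
    dst = ipaddress.ip_address(rec["dst"])
    port = int(rec["dport"])
    if dst in AUTHORIZED_RESOLVERS:
        return None
    if port == 53:
        return "plain DNS to unauthorized resolver"
    if port == 853:
        return "DNS over TLS to unauthorized resolver"
    if port == 443 and rec.get("sni", "-").lower() in DOH_SNI:
        return "DNS over HTTPS (SNI match) to unauthorized resolver"
    return None

def find_violations(log_text):
    """Return (src, dst, reason) for every flow that bypasses the allow list."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            reason = classify(rec)
            if reason:
                hits.append((rec["src"], rec["dst"], reason))
    return hits

if __name__ == "__main__":
    for src, dst, reason in find_violations(SAMPLE_LOG):
        print(f"{src} -> {dst}: {reason}")
```

The SNI check only catches DoH endpoints whose hostnames are on the list. Without decryption, DoH to an unlisted endpoint is indistinguishable from ordinary HTTPS in these records.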
