Next-Generation Firewalls

A next-generation firewall (NGFW) is a device that offers additional capabilities beyond traditional firewall functionality. Traditional firewalls may offer stateful packet inspection, while an NGFW may provide integrated IDS/IPS functionality. This is considered third-generation firewall technology and can offer several advantages when deployed on a network.

The ability of a single device to perform multiple functions can be cost effective, especially for smaller business networks or situations where there is a lack of in-house expertise to support the technology. A single equipment provider is able to aid in the planning, placement, and troubleshooting of the device, even though it performs several functions on the network. One device is often easier to manage and support than a series of individual appliances all offering different functionality. Interacting with one appliance interface can be easier for network administrators than learning a variety of interfaces and device languages.

Drawbacks of using an all-in-one NGFW include the single point of failure it creates. This can be especially problematic if there is no layering of security devices and techniques to provide ample defense in depth. The expense of a multi-purpose device can easily be many times that of a standalone appliance. When something goes wrong, support can be more expensive if it is not part of an all-inclusive support plan. Finally, the device is more complicated because of the various services it offers, which makes deployment, maintenance, and log management more complex.
