What is a next-generation firewall and how does it differ from a traditional firewall?

A traditional firewall filters traffic based on IP addresses, ports, and protocols using access control lists and stateful packet inspection. A next-generation firewall, or NGFW, adds deep packet inspection that examines the content of traffic at the application layer, integrated intrusion prevention that blocks known attack signatures, application awareness that can identify and control applications regardless of port, TLS inspection that decrypts and inspects encrypted traffic, and threat intelligence feeds that update detection capabilities.