May 07, 2012, 11:55 AM — Knowing what's happening on your network is a pre-requisite to controlling the traffic. We call that visibility because it combines all of the information the firewall knows, including session and application information, traffic volumes, and rate information, into a way to "see" into your network -- to give you visibility.
In a traditional firewall, visibility is a nice-to-have, because security policy dictates what ports are allowed inbound and outbound and other tools, such as Netflow analyzers, can be used to dig into traffic. In next-generation firewalls, where the emphasis is on controlling application usage, visibility is a requirement.
Applications may have many different names and categories, and compared to ports and IP addresses, we found tremendous variation and ambiguity. Without visibility and knowing how the firewall classifies each application it identifies, you can't write the rules that make a next generation firewall "next-generation."
We quickly found that if you want good reporting, you need to have an external device to do it. SonicWall and Fortinet both have internal reporting engines; both engines had problems during our testing, which was entirely expected by the on-site engineers.
Fortunately, all products have off-box reporting engines that are critical to offering next-generation visibility. Check Point customers are not off the hook here either, because the standard Check Point reporting system won't do — you really must add on the optional SmartEvent to get the visibility required for next generation firewalls.
Fortinet FortiGate and Check Point Security Gateway (SmartEvent) gave us the best visibility into our traffic, with a combination of drill-downs, visual reporting including charts, lists, and "top-10" type lists. FortiGate's on-box dashboard was an especially slick visualization tool, which let us add "widgets" that included mini-reports that were constantly updated. FortiGate's dashboard wasn't just a visualization tool, because it included the ability to drill-down to get additional information. Our only complaint about the dashboard is that the display tool crashed in our browser several times during testing.