Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
8.0.95
Athena NGFW (Next-Generation Firewall) {{ breadTitle }} Deployment Replacing Fortigate with NGFW Key Functional Differences Between Fortigate and Sangfor NGFW Firewall Policy Policy of NGFW
{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Policy of NGFW")}}

Policy of NGFW

{{ $t('productDocDetail.updateTime') }}: 2026-01-04

In a Next-Generation Firewall (NGFW), security protection and application-level protection are organized into separate policy frameworks. Security policies focus on threats at the network and transport layers, such as intrusion prevention, antivirus, and anti-spam measures. Application-level protection is managed through the Application Control module, enabling fine-grained control and security enforcement for specific application traffic, including application identification, access control, vulnerability protection, and behavior monitoring. This separation allows the NGFW to maintain core network security while providing flexible and precise management of application-layer traffic.

In a Next-Generation Firewall (NGFW), security policies are differentiated based on specific use cases, primarily Internet access protection and server protection. Internet access protection focuses on securing users’ access to the Internet, covering threats such as intrusion prevention, antivirus, and anti-spam. Server protection, on the other hand, is designed to safeguard enterprise servers against external threats, including exploits, attack behaviors, and malicious traffic. In this design, only the server protection scenario supports the Web Application Firewall (WAF) functionality, providing deep protection and application-layer security for web services, while Internet access protection does not include WAF.

Additionally, the use of security protection policies in the NGFW is similar to Fortigate: security policy templates must first be created, and these templates can then be referenced within specific security policies. This approach facilitates centralized management and reuse of policies, improving configuration efficiency and consistency while reducing potential errors caused by redundant configurations.

Moreover, whether it is Intrusion Prevention (IPS), Web Application Firewall (WAF), or URL Filtering, the policy templates in Fortigate firewalls differ significantly from those in NGFWs. Therefore, when migrating or configuring policies, it is recommended to redesign and configure policy templates based on the client’s specific business requirements and security needs, ensuring the effectiveness of the policies and the completeness of security protection.