Is a next-generation firewall in your future?

01.12.2010

But NGFW, while more than just pure marketing, remains an unsettled category. There have not yet been any independent third-party lab tests of so-called NGFW products, several vendors point out. ICSA Labs is discussing a possible NGFW test of various products, says Fortinet, but part of the challenge is nailing down a clear definition of what an NGFW is. Gartner, which has its own definition of the gear, acknowledges that "some vendors have application control, some are more advanced in IPS," says Young, adding, "The majority of the enterprise firewall vendors are at the early stages of this. Palo Alto is dragging established vendors into it."

The terminology issue is made more confusing by the term Unified Threat Management (UTM), a phrase coined by IDC analyst Charles Kolodgy, who says it has roughly the same meaning as NGFW. But UTM should apply to security equipment used by small-to-midsized businesses, while NGFW is supposed to be for the enterprise, defined as 1,000 employees and up.

But despite this clash of idioms and the existence of only a tiny installed base of presumed NGFW products, security vendors do appear to recognize that demand for consolidated, multi-purpose enterprise security appliances is likely to rise.

"The market trends are moving in that direction," says Patrick Bedwell, vice president of product marketing at Fortinet, which last week introduced the FortiGate-5001B security blade for its 5000 series appliance family. The blade can reach up to 40Gbps, a wide jump over the previous product limit of 8Gbps. "Legacy firewalls can't keep up. The focus needs to be on application control as threats are getting more complex."

The FortiGate firewall/VPN security blade is application-aware for about 1,300 applications and can establish granular controls on user behavior with applications, along with timeframe limitations and bandwidth management.