Abstract

This study evaluates the effectiveness of a next-generation firewall (NGFW) within a real-world organizational network in Libya, using the Jumhouria institution as a case study. Through network restructuring and multi-phase testing, the research demonstrates that an NGFW equipped with an intrusion prevention system (IPS) can block the vast majority of cyberattacks, reducing breach success rates from approximately 90% to less than 5% and significantly outperforming traditional firewalls. The deployed system achieved 98% detection accuracy while generating actionable and detailed security logs. A controlled laboratory model was initially developed to validate the approach prior to deployment. The findings confirm that NGFWs substantially enhance enterprise security posture and offer a robust defense mechanism for organizations operating in security-critical environments.

Keywords

Next-generation firewall (NGFW), Intrusion prevention system (IPS), Network security, Cyberattack detection, Enterprise security, Firewall performance evaluation.

Cite this article

Emdas R, Abdusamad E. Implementation and evaluation of a next-generation firewall: a case study on the network of Jumhouria institution in Libya. International Journal of Advanced Technology and Engineering Exploration. 2025;12(133):1839-1851. DOI : 10.19101/IJATEE.2025.121220228

References

[1] Brar MK, Kaur B, Singh G, Jindal PK, Sood S. Traditional firewall vs. next-generation firewall: a review. In AIP conference proceedings 2024. AIP Publishing LLC.

[2] Singh L, Singh R. Comparative analysis of traditional firewalls and next-generation firewalls: a review. Latest Trends in Engineering and Technology. 2024: 15-27.

[3] Saif AA, Shamsan AH. Virtualized firewalls: design, implementation, and security challenges in modern network infrastructures. In 5th international conference on emerging smart technologies and applications (eSmarTA) 2025 (pp. 1-8). IEEE.

[4] Pavlović M, Zajeganović M, Milivojević M. Implementation of next-generation firewalls in modern networks. Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture. 2023: 19-24.

[5] Gill GK. Multi-layered NGFW protection shield for ai infrastructure. World Journal of Advanced Research and Reviews. 2025; 26(1):2863-74.

[6] Hadiningrum TR, Talasari RA, Ilham KF, Ijtihadie RM. Survey on risks cyber security in edge computing for the internet of things understanding cyber attacks threats and mitigation. JUTI: Jurnal Ilmiah Teknologi Informasi. 2025:29-50.

[7] Zhou J, Fu W, Hu W, Sun Z, He T, Zhang Z. Challenges and advances in analyzing TLS 1.3-encrypted traffic: a comprehensive survey. Electronics. 2024; 13(20):4000.

[8] Li X, Xie J, Song Q, Sang Y, Zhang Y, Li S, et al. Let model keep evolving: incremental learning for encrypted traffic classification. Computers & Security. 2024; 137:103624.

[9] Zhang X, Geng W, Song Y, Cheng H, Xu K, Li Q. Privacy-preserving and lightweight verification of deep packet inspection in clouds. IEEE/ACM Transactions on Networking. 2023; 32(1):159-74.

[10] Deng M, Zhang K, Wu P, Wen M, Ning J. DCDPI: dynamic and continuous deep packet inspection in secure outsourced middleboxes. IEEE Transactions on Cloud Computing. 2023; 11(4):3510-24.

[11] Yuan Q, Liu C, Yu W, Zhu Y, Xiong G, Wang Y, et al. BoAu: malicious traffic detection with noise labels based on boundary augmentation. Computers & Security. 2023; 131:103300.

[12] Korkmaz A, Bulut S, Talan T, Kosunalp S, Iliev T. Enhancing firewall packet classification through artificial neural networks and synthetic minority over-sampling technique: an innovative approach with evaluative comparison. Applied Sciences. 2024; 14(16):1-23.

[13] Elmaghraby RT, Aziem NM, Sobh MA, Bahaa-eldin AM. Encrypted network traffic classification based on machine learning. Ain Shams Engineering Journal. 2024; 15(2):1-10.

[14] Patel M, Amritha PP, Sudheer VB, Sethumadhavan M. DDoS attack detection model using machine learning algorithm in next generation firewall. Procedia Computer Science. 2024; 233:175-83.

[15] Barut O, Luo Y, Li P, Zhang T. R1dit: privacy-preserving malware traffic classification with attention-based neural networks. IEEE Transactions on Network and Service Management. 2022; 20(2):2071-85.

[16] Han G, Zhang H, Zhang Z, Ma Y, Yang T. AI-based malicious encrypted traffic detection in 5G data collection and secure sharing. Electronics. 2024; 14(1):1-24.

[17] Jha AC. Automated firewall policy generation with reinforcement learning. International Journal of IoT. 2025; 5(1):190-211.

[18] Liu Y, Wang Z, Pang S, Ju L. Distributed malicious traffic detection. Electronics. 2024; 13(23):1-17.

[19] Bashi ZS, Senan S. A comprehensive review of zero trust network architecture (ZTNA) and deployment frameworks. International Journal on Perceptive and Cognitive Computing. 2025; 11(1):148-53.

[20] Lekkala SL, Avula R, Gurijala P. Next-gen firewalls: enhancing cloud security with generative AI. Journal of Artificial Intelligence & Cloud Computing. 2024; 3(4):1-9.

[21] Foreman J, Waters WL, Kamhoua CA, Hemida AH, Acosta JC, Dike BC. Detection of hacker intention using deep packet inspection. Journal of Cybersecurity and Privacy. 2024; 4(4):794-804.

[22] Sepczuk M. Dynamic web application firewall detection supported by cyber mimic defense approach. Journal of Network and Computer Applications. 2023; 213:103596.

[23] Stojałowski A. Zero trust architecture–protection against cyber-attacks. Cybersecurity & Cybercrime. 2024; 1(4):110-25.

[24] Che MNI, Jamil N, Yusoff Y, Mat KML. A systematic literature review on advanced persistent threat behaviors and its detection strategy. Journal of Cybersecurity. 2024; 10(1):1-18.

[25] Singh R, Kaushik A, Kumar J, Kaushik K. Web application firewalls: a comprehensive bibliometric review. International Journal of Latest Technology in Engineering, Management & Applied Science. 2025; 14(9):780-90.

[26] Ajish D. The significance of artificial intelligence in zero trust technologies: a comprehensive review. Journal of Electrical Systems and Information Technology. 2024; 11(1):1-23.