Packet-filtering firewall is the oldest firewall type out there. They are designed to create checkpoints at individual routers or switches. The packet-filtering firewalls will check the data packets that try to come through, without inspecting the contents. If the information trying to come through looks suspicious, it cannot get through the network. This is a simple firewall that does not impact network performance too much.

There’s no real insight into what makes a firewall today “next-generation” besides the time it was created. There are commonalities between these firewalls and the originals, and those include TCP handshakes and packet inspections. Next-generation firewalls also use IPS – intrusion prevention systems – to stop network attacks.

These are any firewalls installed on local devices. The biggest draw for these in that they can create a useful, in-depth defense path. Maintaining these on more than one device is not easy, though, so you may need more than one for each asset.

Hardware firewalls use physical appliances, and they act like a traffic router. The intercept data packets before they are connected to a network server. The weakness here is that they can be easily bypassed, which goes against your need for a firewall.

More info: Managed Firewall Services