In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.
Next-generation firewalls (NGFWs) – Next-generation firewalls serve the same purpose as traditional firewalls – protecting the network from unwanted data traffic – but they work in a different way to achieve this.
Specifically, NGFWs offer application awareness with full stack visibility by looking at the contents of each data packet, rather than just its port, source and destination IP address, and protocol.
Using an application layer firewall enables you to ban the use of specific applications, such as peer to peer file sharing applications, or to restrict how applications are used, for example, by allowing Skype to be used for voice over IP calls, but not for file sharing.
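The difference between filtering on port and protocol and filtering on packet contents can be shown with a small added example (not from the original page, and not any vendor's implementation). It assumes a policy that allows outbound TCP 80 and 443 and bans peer to peer file sharing; the packets are constructed samples, and the classifier recognises only three payload prefixes.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    label: str
    proto: str
    dport: int
    payload: bytes

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS"}

def port_filter(pkt, allowed_ports=frozenset({80, 443})):
    """Traditional filter: looks only at protocol and destination port."""
    return pkt.proto == "tcp" and pkt.dport in allowed_ports

def identify_app(payload):
    """Classify the application from the first payload bytes."""
    if payload.startswith(b"\x13BitTorrent protocol"):
        return "bittorrent"            # BitTorrent peer handshake prefix
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"                   # TLS handshake record carrying a ClientHello
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def app_aware_filter(pkt, blocked_apps=frozenset({"bittorrent"})):
    """Application-aware filter: the port rule plus a per-application ban."""
    return port_filter(pkt) and identify_app(pkt.payload) not in blocked_apps

# Constructed sample traffic (not captured from a real network).
SAMPLES = [
    Packet("https", "tcp", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    Packet("http", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Packet("p2p-on-443", "tcp", 443, b"\x13BitTorrent protocol" + bytes(48)),
    Packet("p2p-on-6881", "tcp", 6881, b"\x13BitTorrent protocol" + bytes(48)),
]

def compare(packets):
    """Return (label, port-only verdict, application-aware verdict) per packet."""
    return [(p.label, port_filter(p), app_aware_filter(p)) for p in packets]

if __name__ == "__main__":
    for label, by_port, by_app in compare(SAMPLES):
        print(f"{label:12} port-only={'allow' if by_port else 'deny':5} "
              f"app-aware={'allow' if by_app else 'deny'}")
```

The third sample is the case that matters: the port-only rule allows it because it uses TCP 443, while the application-aware rule denies it based on what the payload contains.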
Protection level: Very high, because of the high level of granular control they provide. These capabilities may be required for PCI or HIPAA compliance.
Strengths and weaknesses: NGFWs provide far more granular control over what data is and is not allowed to access the corporate network, allowing NGFWs to mitigate a wider range of possible threats.
But NGFWs are more expensive than traditional firewalls, and because they carry out packet inspection rather than simple packet filtering, they have more limited data throughput, which can cause network performance issues.
Do you need it? Leaving cost and performance issues to one side, an NGFW provides better network firewall protection than a traditional firewall.
Most NGFWs also provide other optional security features such as an intrusion detection system, malware scanning, and SSL data inspection.
These can be valuable to companies that do not already have point solutions providing these features, but they also can cause the data throughput capability of the NGFW to drop significantly when activated.
Vendors: Barracuda, Check Point Software, Cisco, Sophos, Juniper Networks, Palo Alto Networks