The current paper describes the main features of traffic processing and filtering in NGFW solution xFirewall from Infotecs, the main task of the device is to filter traffic at OSI model layers from network to application, in particular there is a possibility to filter specific applications and application protocols. The essence of a session stateful firewall is revealed, and how to verify the correctness of traffic processing by the firewall is described. In conclusion, a proof of compliance of the xFirewall solution with the NGFW class of products is made.

Keywords: firewall, ngfw, xfirewall, spi, import substitution, critical information infrastructure, information protection, dpi, traffic filtering, statefull packet inspection, ViPNet, firewall