Even if next generation firewalls are at our door (filtering at applications level – layer 7), most firewalls are still working with source and destination ports. I often see firewall change requests submitted by customers to add rules like: “Allow traffic between X and Y” without further details. And when