NGFW(Next Generation Firewall) has been known as one of the "total solution" in the security market. But is it really? Let's have a close look at the difference between NGFW and WAF. NGFW is dedicated to protect the layer 4=Transport layer in the OSI 7 layer. With added specification, NGFW can check some traffic based on signature list. Problem about signature is, it is a coordinated method. If an attack is not prelisted in the signature list, the attacks will easily penetrate the web server. Most recent security threats have been concentrated in the area of web applications. The network structure also corresponds to the application layer, which is seven layers, and therefore threats that can be blocked only through the Web protocol and Web language-specific detection engines. This means that the unique features of web application security are becoming increasingly important, including automatic policy learning, virtual patches that immediately respond to detected threats, anti-automation to distinguish between automated bots and real users, and business protection through user session monitoring. The web application security function is the role of WAF, as compared to existing IPS and FW, they are not comparable to WAF developed specifically for Web application level, and NGFW devices can only handle above functions within limited extent. For example, the majority of recent security incidents are caused by loopholes in poorly designed web applications without security considerations; the vulnerability of the web application itself. Only WAFs that can detect web languages can prevent this.