[parent5446]

It's mostly useful for production and other corporate networks. It's basically a more powerful firewall, where you can enforce contracts on your network concerning what traffic is allowed to go in or out.

As a quick example, one strategy (although personally I've always questioned it's viability, but it's just one of many examples) is a network admin may install a filter that deep searches packets for common SQL injection or XSS strings. This is done as a secondary measure to possibly prevent malicious requests.

Other examples are if you want to force employees to not be able to send certain documents or information outside of the company for compliance reasons, you can scrub traffic for that information. Obviously more complex.

The general concept is that it's useful for when you know you do not want specific traffic crossing your network. Ironically, it's the same use case scenario with draconian governments preventing encryption, but in the production or corporate scenario the use case is not ethically unsound.