The answer seems to be: Whatever the vendor wants it to mean. Many of today’s NGFWs boast that they have Intrusion Prevention System (IPS) functionality – but is it good enough?
Those who market IPS systems obviously don’t think so; see this argument that “a firewall is not an IPS – even if it is Next Generation” on McAfee’s blog:
Both sides have a vested interest in their positions. What do you think? Is a next gen firewall all you need, or should you have a dedicated IPS as well?