Application Gateways are firewalls that filter all the way to the application layer, layer 7, of a packet. Filtering to the application layer is more secure, but slower.

You can even create rules that allow or deny certain services for an individual user.

For example, Application Gateways can allow a user to access an FTP service and download remote files, but not put internal files on a remote server.