In the application layer on the OSI model
Examines all traffic and then make forwarding decisions based on the applications that are open
For example, you can let people view twitter but not post to twitter
Often part of an IPS, intrustion prevention systems, or may be the IPS itself.
Allows for content filtering, control website traffic by category, e.g., block all gambling sites, or do a catchall filter for a website