A regional healthcare provider is segregating its administrative, clinical, and guest networks to minimize its attack surface and comply with health information privacy regulations. Which technology should be used to not only separate the segments but also enforce distinct security policies and control inter-segment traffic?
Border Gateway Protocol (BGP) for routing control
Quality of Service (QoS) configuration for traffic prioritization
Next-generation firewall (NGFW)
Transport Layer Security (TLS) for secure communications