McAfee Firewall Enterprise
Next-generation firewall, providing true application control
McAfee Firewall Enterprise Appliance Overview
With the increased number of network-based applications and the exponential growth of threats, traditional firewalls are inadequately protecting your network's data. McAfee Firewall Enterprise is a next-generation firewall that restores control and protection to your network. Discover, control, visualize, and protect your users, network applications, and infrastructure.
McAfee Firewall Enterprise offers unprecedented levels of application control and threat protection. Advanced capabilities, such as application visualization, reputation-based global intelligence, automated threat feeds, encrypted traffic inspection, intrusion prevention, anti-virus, and content filtering, block attacks before they occur.
Firewall Enterprise also includes enhanced security powered by McAfee Global Threat Intelligence (GTI). McAfee GTI is a comprehensive cloud-based threat intelligence service. Already integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee's GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Firewall Enterprise uses the McAfee GTI network connection reputation service to identify domains, IP addresses, and ports that may be hosting malware attacks, and block those attacks. Firewall Enterprise also uses web reputation to identify URLs that may be infected or hosting malware attacks, as well as sites hosting undesirable content.
Three additional products simplify management and help you quickly respond to your business requirements:
McAfee Firewall Profiler (included) — instantly analyzes network traffic and firewall rules to provide insight into the effectiveness of your firewall configuration in enforcing your corporate security policy. Firewall Profiler dramatically reduces the time needed to solve firewall-related network or application outages from hours to minutes, turning substantial manual efforts into a few simple clicks.
McAfee Firewall Reporter (included) — turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring plus correlated alerting and reporting to help meet all major regulatory requirements, including PCI DSS, GLBA, HIPAA, SOX, and FISMA.
McAfee Firewall Enterprise Control Center (sold separately) — offers centralized, enterprise-class firewall policy management for global-scale deployments.
Benefits and Features:
Reduce risk from threats on your network
Put the firewall in charge of network security again with integrated comprehensive network protection technology, including:
- Network intrusion prevention
- Web filtering
- IP reputation
Restore policy compliance in the network
Establish control over network applications and ensure alignment with compliance requirements. Allow administrators to quickly and efficiently apply application and user-based policies written in business terms. Powerful visualization tools provide unique insight into the effectiveness of policy controls.
Improve business agility and reduce costs
Lower acquisition and operational costs with an increased protection profile in both physical and virtual network environments. Enterprises can install McAfee firewall and security features to Riverbed Steelhead equipment, adding network and application visibility to Riverbed’s WAN optimization and server consolidation capabilities.
Use AppPrism for application controls
Discover, control, visualize, and protect thousands of network applications. With AppPrism, you can gain individual application function control within the application.
Integrate with existing identity infrastructure
Align your firewall rules directly with organizational policy statements. Integration with existing network identity infrastructure enables simple deployment while aligning network security with the organization system of record.
Leverage millions of sensors worldwide
Harness the power of 100 million sensors worldwide, providing real-time threat feeds to deliver predictive and pro-active security protection. Greatly reduce your time to protection with automated threat feeds that are delivered without taking the firewall offline.
Identify firewall rule optimizations
Simplify the firewall’s policy in real time. Eliminate the hours spent looking for overlapping, conflicting, or inactive rules. The intuitive interface immediately identifies firewall rule optimizations, as you modify or construct rules.
Optimize rules management
Centrally manage firewalls and generate reports; create rules and selectively apply anti-virus, IPS signatures, URL filtering, and more from a single screen; correlate firewall rules to users and applications to ease planning and troubleshooting. Integration with the McAfee ePolicy Orchestrator (ePO) platform provides a holistic view of firewall health information and an understanding of desktop and server security posture.
Provide security throughout the network
Deploy robust, flexible, and scalable security across your network, precisely where it's needed, with McAfee's diverse set of powerful platforms. McAfee's custom-built network appliances, together with the option to run on Crossbeam's X-Series platforms, address all performance and port density requirements, providing up to 40 Gbps of inspected traffic throughput. Multi-firewall appliances can consolidate up to 32 traditional standalone firewalls into a single, easy-to-manage, and cost-effective appliance. Our firewall virtual appliances secure intra-VM traffic among hosted machines within VMware ESX servers.
Sprawling enterprise applications and the broad, fast-changing attack surface of Web 2.0 necessitate a new approach to firewall security. First-generation firewalls were limited to port, protocol, and IP addresses. Today, enhanced next-generation McAfee® firewalls let you confidently discover, control, visualize, and protect new and existing applications, using visual analytics and user identity for efficient, effective rules. And to detect complex threats within these applications, we integrate proactive threat intelligence with multiple inspection technologies in one cost-effective, easy-to-manage appliance.
Firewalls are traditionally only as strong or as weak as the policies you define. But effective security policies for today's complex Web 2.0 traffic depend on fine-grained understanding that can be hard to come by. You need rapid insight that goes far beyond port and protocol to encompass different web applications and users and the sophisticated threats that target them.
Where in the past you could await signatures, the breakneck pace of threat evolution today demands proactive, predictive diagnosis of risk. Multiple attributes, such as source reputation, content, and behavior, should be assessed to reveal malicious intent before a new threat is confirmed.
It's not enough to predict the threat. Accurate, timely blocking demands concerted action that crosses conventional product silos.
These demands—plus the call to prove compliance—increase the operational burden on the network team. Yet budgets remain under pressure. Something has to change.
The Biggest Firewall Innovation in 15 Years
With version 8 of the McAfee Firewall Enterprise, McAfee reinvents the firewall. Three innovations deliver unprecedented protection at an unheard-of affordability. We combine full application visibility and control, reputation-aware threat intelligence, and multivector attack protection to improve network security while shaving effort and expense.
The firewall solution includes the McAfee Firewall Enterprise appliance family: McAfee Firewall Enterprise Profiler, McAfee Firewall Enterprise Control Center, and McAfee Firewall Reporter.
Today, the weakest link in network security is the application layer. So we have taken the firewall trusted by more ultra-secure environments and added broad application discovery and control. You can now protect new and existing Web 2.0 applications from the risks of data leakage, network abuse, and malicious attacks. With McAfee technology, you can ensure the applications using your network benefit your business.
McAfee AppPrism technology uses the innovative McAfee Firewall Enterprise Profiler to identify all traffic and reveal the applications that are really in use, with helpful context such as source, bandwidth, and destination. By inspecting encrypted application-level traffic, you can eliminate loopholes favored by cyberthieves and attackers.
Fine-grained control allows comprehensive enforcement of policy based on business needs. Instead of policies matched just to IP address, port, or protocol, you can now place a user name with a role and a set of applications.
Construct application usage rules that combine attributes such as:
- Business or recreational purpose
- User identity
- Embedded application control
Without visibility into and control over users and the context of their use, firewalls cannot defend against increasingly port-agile, evasive, targeted applications. McAfee Firewall Enterprise applies user-aware rules and control over applications.
When a user connects, the system validates entitlements in real time from your existing user directory. The firewall quickly applies policies mapped to user identity that grant explicit use of an application.
By tracking to the user, rules are granular enough for modern business operation. And identity-based rules make good operational sense. More and more enterprises rely heavily on unified use of user directories and identity management to support access controls. User changes happen once and propagate out. Security policies stay up to date as the user community changes.
Embedded application control
Embedded application control gives you the power to tailor rights within an application. For instance, you might allow Yahoo, but block Yahoo IM, or allow IM only for specific user groups, perhaps customer support or sales, or locations, such as the head office.
You can also support appropriate corporate use and blackout policies by specifying when an application can or cannot be used. Rules could allow MySpace use during lunchtime, for example, for customer service teams, while financial applications are not available to anyone via VPN on weekends.
Many exploits try to benefit from the lax security in social networking sites by concealing their payloads within trendy applets. With McAfee, you can allow access to the beneficial elements of sites like Facebook, but still minimize the risk of compromised applications within each site.
For advanced control, application whitelisting lets you explicitly allow only traffic from applications that have been approved as necessary or appropriate. Compared to lengthy blacklists, whitelisting whittles down the number of rules you need to write and maintain.
As botnets proliferate through popular social networking applications, it has become more important to be able to lock down rogue applications that attempt to communicate to certain locations. Geo-location lets you cut off this contact to keep your data from exfiltrating and prevent your systems from being used for mischief.
We give you this fine-grained control while making rules development less complex. In fact, there's just one policy in one view. One straightforward console presents the options required to efficiently manage all rules and add defenses. This unified model is especially beneficial over time and across teams, as we also highlight rule interactions and overlaps. With colored fields highlighting potential conflicts, you avoid errors and enhance performance.
It's time to move from managing rules to managing risk. McAfee Firewall Enterprise Profiler simplifies assessment of network traffic so you can add new applications quickly. Our intuitive visual analytics give you a way to measure the effectiveness of each rule change instantly, so you can tune policies for the maximum benefit.
Rich graphical tools correlate application activities in real time, based on user identity, geo-location, and usage levels. You can easily see who is using what applications. This integrated view lets you exchange hours of due diligence, experimentation, and troubleshooting for just a few clicks. For some users, the biggest advantage is seeing immediately whether or not a problem was really due to the firewall and being able to navigate to its root cause.
Figure 1. McAfee Global Threat Intelligence featuring McAfee TrustedSource allows or blocks traffic based upon reputation.
McAfee AppPrism helps you reduce risks from application-level threats while you optimize use of corporate bandwidth. Behind McAfee AppPrism stands the power of McAfee Labs™. Our threat researchers utilize threat research and intelligence data to continually recognize and assess risk for 31 categories of applications, ranging from anonymizers to video and photo sharing.
By assigning dynamic reputations for sites, senders, and locations, we can block an average of 70 percent of undesirable traffic before you ever see it. Because of this capability, it can even spot the subtle command-and-control (C&C) channel of botnets.
The Only Firewall with Reputation Analysis and Global Threat Intelligence
Only McAfee includes reputation technology in a firewall, and it is just one element of McAfee Global Threat Intelligence. At McAfee, more than 400 researchers collaborate across web, spam, vulnerability, host and network intrusion, malware, and regulatory compliance research. This breadth allows them to characterize every new threat and vulnerability.
Their efforts, informed by more than 100 million sensors around the world, deliver real-time predictive risk analysis to guard you against evolving multifaceted threats.
Unlike old-fashioned firewalls that rely on signatures, automated threat feeds from McAfee Labs keep you up to date without taking your firewall offline. With the increase in advanced persistent threats like Operation Aurora, McAfee Global Threat Intelligence is the most sophisticated protection you can own, helping you mitigate vulnerabilities, avoid regulatory violations, and lower the cost of remediation.
Multivector Security in One Integrated Appliance
One reason customers choose McAfee is our extensive security and compliance portfolio. Now, we place this might right at your door. Facing off against the complex threats in Web 2.0 applications, exploit cocktails, phishing, and targeted attacks, McAfee Firewall Enterprise now combines multiple crucial threat protections in every firewall appliance.
Before, firewalls were limited to access control and segmentation. Adequate protection required the expense of implementing and maintaining several separate products. Now, one box combines:
- McAfee AppPrism delivers full application discovery and control
- Intrusion prevention
- Global reputation analysis
- URL filtering with McAfee SmartFilter technology
- Encrypted application filtering
- Anti-virus, anti-spyware, and anti-spam
Our experience building multivector solutions has helped us deliver all these protections without compromising performance or productivity—and without charging extra.
Fine-Grained Control Made Manageable
Reliable security must also be easy to configure. The intuitive McAfee Firewall Enterprise administrative console lets your administrators create rules and selectively apply defenses such as application filters, IPS signatures, and URL filtering from a single screen. New software feature updates are delivered automatically via the Internet, reducing maintenance effort. Simply determine the schedule with a single click.
The McAfee Firewall Enterprise product line includes additional tools for simplifying management: McAfee Firewall Reporter and McAfee Firewall Enterprise Control Center.
Included at no additional cost, McAfee Firewall Reporter software turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring, and correlated alerting and reporting. Choose from more than 500 graphical reports to depict network traffic and help meet all major regulatory requirements.
Sold separately, McAfee Firewall Enterprise Control Center offers centralized firewall policy management for multiple McAfee Firewall Enterprise appliances. It lets you maximize operational efficiency, simplify policy control, optimize rules, streamline software updates, and demonstrate regulatory compliance. You can even compare policy configurations on all of your McAfee Firewall Enterprise Control Center-managed devices to ensure consistency across your network. Robust configuration management lets you centrally track, trace, and validate all policy changes.
Furthermore, McAfee Firewall Enterprise Control Center integrates with McAfee ePolicy Orchestrator® (McAfee ePO™) software, providing it with visibility into firewall health data and reports.
The Most Secure Firewall Hardware Platform
At its core, McAfee Firewall Enterprise runs on the high-speed, high-assurance McAfee SecureOS operating system. Patented McAfee Type Enforcement technology secures the OS itself for an unparalleled level of platform security. Perhaps that is why McAfee SecureOS has an unparalleled CERT advisory record: no emergency security patches have ever been required.
The preconfigured operating system security policy prevents compromises, and the entire operating system is compartmentalized so attackers cannot disrupt its work.
These extra steps allowed us to be the first firewall to achieve Common Criteria EAL 4+ certification with US DoD Protection Profile compliance.
Because of our innovation and advanced security, the McAfee Firewall Enterprise protects 15,000 networks around the world, including thousands of government agencies, Fortune 500 organizations, and seven of the top 10 financial institutions. Put us to work protecting you.
Which Firewall Enterprise Appliance is right for you?
McAfee Firewall Enterprise Specifications

| Form factor | mini 1U | 1U | 1U | Enterprise 1U | Enterprise 2U | Enterprise 2U | Enterprise 2U |
|---|---|---|---|---|---|---|---|
| Unlimited user licenses | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| RAID | N/A | N/A | N/A | RAID 1 | RAID 1 | RAID 5 | RAID 5 |
| Maximum network modules | N/A | N/A | N/A | 1 | 3 | 3 | 2 [4] |
| 1 Gb copper interfaces (base/max) | 4 | 8 | 8 | 8/16 | 8/32 | 8/32 | 8/16 [4] |
| 1 Gb fiber interface option (maximum) | N/A | N/A | N/A | 8 | 24 | 24 | 8 [4] |
| 10 Gb fiber interface option (maximum) | N/A | N/A | N/A | 6 | 18 | 18 | 4 [4] |
| Encrypted Filtering Acceleration | N/A | N/A | Integrated | Integrated | Integrated | Integrated | N/A |
| Out-of-band management (status, temperature, voltage, on/off, and more) | Serial console only | Serial console only | Yes | Yes | Yes | Yes | Yes |
| Firewall performance (maximum) [2] | 750 Mbps | 1.0 Gbps | 4.0 Gbps | 9.0 Gbps | 12.0 Gbps | 15.0 Gbps | 12.0 Gbps |
| Threat Prevention [2] | 250 Mbps | 1.0 Gbps | 2.0 Gbps | 3.0 Gbps | 5.0 Gbps | 6.0 Gbps | 5.0 Gbps |
| McAfee AppPrism [2] | 100 Mbps | 1.0 Gbps | 2.0 Gbps | 7.5 Gbps | 10.0 Gbps | 12.0 Gbps | 10.0 Gbps |
| New sessions per second [2] | 5,000 | 15,000 | 20,000 | 35,000 | 50,000 | 70,000 | 50,000 |
| IPSec VPN throughput (AES) [2] | 60 Mbps | 250 Mbps | 350 Mbps | 400 Mbps | 450 Mbps | 500 Mbps | 450 Mbps |
| IPSec VPN maximum number of tunnels [2] | 250 | 1,000 | 2,000 | 4,000 | 8,000 | 10,000 | 8,000 |

Regulatory compliance: BSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (US), UL (US), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia), CCC (China), SABS (South Africa), IRAM (Argentina), NOM (Mexico)

Dimensions, weight, environmental:
- Weight: 30 lbs (est)
- Power supply details: 100 W; dual 400 W; dual 750 W
- Operating temperature: 0 °C – 35 °C (32 °F – 95 °F); 10 °C – 35 °C (50 °F – 95 °F)

[1] All specification and performance results are based on the S-series of appliances.
[2] V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.
[3] Please contact your McAfee representative to determine proper sizing for your needs.
[4] Maximum of two network modules supported (of any type), maximum of one 10 Gb network module supported (with a maximum of four transceivers populated).
Firewall Enterprise Additional Features:
- McAfee AppPrism™—application discovery and control, including McAfee AppPrism categories
- Global threat intelligence
- Intrusion prevention system (IPS)
- Anti-virus and anti-spyware