McAfeeWorks.com is a McAfee SecurityAlliance Premier Partner

McAfee - Antivirus Software and Intrusion Prevention Solutions

McAfee Firewall Enterprise

Next-generation firewall, providing true application control

McAfee Firewall Enterprise

McAfee Firewall Enterprise Appliance Overview

With the increased number of network-based applications and the exponential growth of threats, traditional firewalls are inadequately protecting your network's data. McAfee Firewall Enterprise is a next-generation firewall that restores control and protection to your network. Discover, control, visualize, and protect your users, network applications, and infrastructure.

McAfee Firewall Enterprise offers unprecedented levels of application control and threat protection. Advanced capabilities, such as application visualization, reputation-based global intelligence, automated threat feeds, encrypted traffic inspection, intrusion prevention, anti-virus, and content filtering, block attacks before they occur.

Firewall Enterprise also includes enhanced security powered by McAfee Global Threat Intelligence (GTI). McAfee GTI is a comprehensive cloud-based threat intelligence service. Already integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee's GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Firewall Enterprise uses the McAfee GTI network connection reputation service to identify domains, IP addresses, and ports that may be hosting malware attacks, and block those attacks. Firewall Enterprise also uses web reputation to identify URLs that may be infected or hosting malware attacks, as well as sites hosting undesirable content.

Three additional products simplify management and help you quickly respond to your business requirements:

McAfee Firewall Profiler (included) — instantly analyzes network traffic and firewall rules to provide insight into the effectiveness of your firewall configuration in enforcing your corporate security policy. Firewall Profiler dramatically reduces the time needed to solve firewall-related network or application outages from hours to minutes, turning substantial manual efforts into a few simple clicks.

McAfee Firewall Reporter (included) — turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring plus correlated alerting and reporting to help meet all major regulatory requirements, including PCI DSS, GLBA, HIPAA, SOX, and FISMA.

McAfee Firewall Enterprise Control Center (sold separately) — offers centralized, enterprise-class firewall policy management for global-scale deployments.

Benefits and Features:

Consolidate security, leverage high-assurance features
Put the firewall in charge of network security again with integrated comprehensive network protection technology, including:

  • Network intrusion prevention
  • Web filtering
  • Anti-virus
  • IP reputation
  • Geo-location
  • Anti-malware

Restore policy compliance in the network
Establish control over network applications and ensure alignment with compliance requirements. Allow administrators to quickly and efficiently apply application and user-based policies written in business terms. Powerful visualization tools provide unique insight into the effectiveness of policy controls.

Improve business agility and reduce costs
Lower acquisition and operational costs with an increased protection profile in both physical and virtual network environments. Enterprises can install McAfee firewall and security features to Riverbed Steelhead equipment, adding network and application visibility to Riverbed’s WAN optimization and server consolidation capabilities.

Use AppPrism for application controls
Discover, control, visualize, and protect thousands of network applications. With AppPrism, you can gain individual application function control within the application.

Integrate with existing identity infrastructure
Align your firewall rules directly with organizational policy statements. Integration with existing network identity infrastructure enables simple deployment while aligning network security with the organization system of record.

Leverage millions of sensors worldwide
Harness the power of 100 million sensors worldwide, providing real-time threat feeds to deliver predictive and pro-active security protection. Greatly reduce your time to protection with automated threat feeds that are delivered without taking the firewall offline.

Identify firewall rule optimizations
Simplify the firewall’s policy in real time. Eliminate the hours spent looking for overlapping, conflicting, or inactive rules. The intuitive interface immediately identifies firewall rule optimizations, as you modify or construct rules.

Optimize rules management
Centrally manage firewalls and generate reports; create rules and selectively apply anti-virus, IPS signatures, URL filtering, and more from a single screen; correlate firewall rules to users and applications to ease planning and troubleshooting. Integration with the McAfee ePolicy Orchestrator (ePO) platform provides a holistic view of firewall health information and an understanding of desktop and server security posture.

Provide security throughout the network
Deploy robust, flexible, and scalable security across your network, precisely where it’s needed with McAfee’s diverse set of powerful platforms. McAfee’s custom-built network appliances and availability to run on Crossbeam’s X-Series platforms address all performance and port density requirements, providing up to 40 Gbps of inspected traffic throughput. Multi-firewall appliances can consolidate up to 32 traditional standalone firewalls into a single, easy-to-manage, and cost-effective appliance. Our firewall virtual appliances secure intra-VM traffic among hosted machines within VMware ESX servers.

Solutions:

Sprawling enterprise applications and the broad, fast-changing attack surface of Web 2.0 necessitate a new approach to firewall security. First generation firewalls were limited to port, protocol, and IP addresses. Today, enhanced next generation McAfee® firewalls let you confidently discover, control, visualize, and protect new and existing applications, using visual analytics and user identity for efficient, effective rules. And to detect complex threats within these applications, we integrate proactive threat intelligence with multiple inspection technologies in one cost-effective, easyto- manage appliance.

Firewalls are traditionally only as strong or as weak as the policies you define. But effective security policies for today's complex Web 2.0 traffic depend on fine-grained understanding that can be hard to come by. You need rapid insight that goes far beyond port and protocol to encompass different web applications and users and the sophisticated threats that target them.

Where in the past you could await signatures, the breakneck pace of threat evolution today demands proactive, predictive diagnosis of risk. Multiple attributes, such as source reputation, content, and behavior, should be assessed to reveal malicious intent before a new threat is confirmed.

It's not enough to predict the threat. Accurate, timely blocking demands concerted action that crosses conventional product silos.

These demands—plus the call to prove compliance—increase the operational burden on the network team. Yet budgets remain under pressure. Something has to change.

The Biggest Firewall Innovation in 15 Years

With version 8 of the McAfee Firewall Enterprise, McAfee reinvents the firewall. Three innovations deliver unprecedented protection at an unheard-of affordability. We combine full application visibility and control, reputation-aware threat intelligence, and multivector attack protection to improve network security while shaving effort and expense.

The firewall solution includes the McAfee Firewall Enterprise appliance family: McAfee Firewall Enterprise Profiler, McAfee Firewall Enterprise Control Center, and McAfee Firewall Reporter.

Today, the weakest link in network security is the application layer. So we have taken the firewall trusted by more ultra-secure environments and added broad application discovery and control. You can now protect new and existing Web 2.0 applications from the risks of data leakage, network abuse, and malicious attacks. With McAfee technology, you can ensure the applications using your network benefit your business.

Discover
McAfee AppPrism technology uses the innovative McAfee Firewall Enterprise Profiler to identify all traffic and reveal the applications that are really in use, with helpful context such as source, bandwidth, and destination. By inspecting encrypted application-level traffic, you can eliminate loopholes favored by cyberthieves and attackers.

Control
Fine-grained control allows comprehensive enforcement of policy based on business needs. Instead of policies matched just to IP address, port, or protocol, you can now place a user name with a role and a set of applications.

Construct application usage rules that combine attributes such as:

  • Business or recreational purpose
  • User identity
  • Embedded application control
  • Whitelisting
  • Geo-location

User identity
Without visibility into and control over users and the context of their use, firewalls cannot defend against increasingly port-agile, evasive, targeted applications. McAfee Firewall Enterprise applies user-aware rules and control over applications.

When a user connects, the system validates entitlements in real time from your existing user directory. The firewall quickly applies policies mapped to user identity that grant explicit use of an application.

By tracking to the user, rules are granular enough for modern business operation. And identitybased rules make good operational sense. More and more enterprises rely heavily on unified use of user directories and identity management to support access controls. User changes happen once and propagate out. Security policies stay up to date as the user community changes.

Embedded application control
Embedded application control gives you the power to tailor rights within an application. For instance, you might allow Yahoo, but block Yahoo IM, or allow IM only for specific user groups, perhaps customer support or sales, or locations, such as the head office.

You can also support appropriate corporate use and blackout policies by specifying when an application can or cannot be used. Rules could allow MySpace use during lunchtime, for example, for customer service teams, while financial applications are not available to anyone via VPN on weekends.

Many exploits try to benefit from the lax security in social networking sites by concealing their payloads within trendy applets. With McAfee, you can allow access to the beneficial elements of sites like Facebook, but still minimize the risk of compromised applications within each site.

Whitelisting
For advanced control, application whitelisting lets you explicitly allow only traffic from applications that have been approved as necessary or appropriate. Compared to lengthy blacklists, whitelisting whittles down the number of rules you need to write and maintain.

Geo-location
As botnets proliferate through popular social networking applications, it has become more important to be able to lock down rogue applications that attempt to communicate to certain locations. Geo-location lets you cut off this contact to keep your data from exfiltrating and prevent your systems from being used for mischief.

We give you this fine-grained control while making rules development less complex. In fact, there's just one policy in one view. One straightforward console presents the options required to efficiently manage all rules and add defenses. This unified model is especially beneficial over time and across teams, as we also highlight rule interactions and overlaps. With colored fields highlighting potential conflicts, you avoid errors and enhance performance.

Visualize
It's time to move from managing rules to managing risk. McAfee Firewall Enterprise Profiler simplifies assessment of network traffic so you can add new applications quickly. Our intuitive visual analytics give you a way to measure the effectiveness of each rule change instantly, so you can tune policies for the maximum benefit.

Rich graphical tools correlate application activities in real time, based on user identity, geo-location, and usage levels. You can easily see who is using what applications. This integrated view lets you exchange hours of due diligence, experimentation, and troubleshooting for just a few clicks. For some users, the biggest advantage is seeing immediately whether or not a problem was really due to the firewall and being able to navigate to its root cause.

McAfee Global Threat Intelligence featuring McAfee TrustedSource allows or blocks traffic based upon reputation.
Figure 1. McAfee Global Threat Intelligence featuring McAfee
TrustedSource allows or blocks traffic based upon reputation.

Protect
McAfee AppPrism helps you reduce risks from application-level threats while you optimize use of corporate bandwidth. Behind McAfee AppPrism stands the power of McAfee Labs™. Our threat researchers utilize threat research and intelligence data to continually recognize and assess risk for 31 categories of applications, ranging from anonymizers to video and photo sharing.

By assigning dynamic reputations for sites, senders, and locations, we can block an average 70 percent of undesirable traffic before you ever see it. Because of this capability, it can even spot the subtle command and control (C and C) channel of botnets.

The Only Firewall with Reputation Analysis and Global Threat Intelligence

Only McAfee includes reputation technology in a firewall, and it is just one element of McAfee Global Threat Intelligence. At McAfee, more than 400 researchers collaborate across web, spam, vulnerability, host and network intrusion, malware, and regulatory compliance research. This breadth allows them to characterize every new threat and vulnerability.

Their efforts, informed by more than 100 million sensors around the world, deliver real-time predictive risk analysis to guard you against evolving multifaceted threats.

Unlike old-fashioned firewalls that rely on signatures, automated threat feeds from McAfee Labs keep you up to date without taking your firewall off-line. With the increase in advanced persistent threats like Operation Aurora, McAfee Global Threat Intelligence is the most sophisticated protection you can own, helping you mitigate vulnerabilities, avoid regulatory violations, and lower the cost of remediation.

Multivector Security in One Integrated Appliance

One reason customers choose McAfee is our extensive security and compliance portfolio. Now, we place this might right at your door. Facing off against the complex threats in Web 2.0 applications, exploit cocktails, phishing, and targeted attacks, McAfee Firewall Enterprise now combines multiple crucial threat protections in every firewall appliance.

Before, firewalls were limited to access control and segmentation. Adequate protection required the expense of implementing and maintaining several separate products. Now, one box combines:

  • McAfee AppPrism delivers full application discovery and control
  • Intrusion prevention
  • Global reputation analysis
  • URL filtering with McAfee SmartFilter technology
  • Encrypted application filtering
  • Anti-virus, anti-spyware, and anti-spam

Our experience building multivector solutions has helped us deliver all these protections without compromising performance or productivity—and without charging extra.

Fine-Grained Control Made Manageable

Reliable security must also be easy to configure. The intuitive McAfee Firewall Enterprise administrative console lets your administrators create rules and selectively apply defenses such as application filters, IPS signatures, and URL filtering from a single screen. New software feature updates are delivered automatically via the Internet, reducing maintenance effort. Simply determine the schedule with a single click.

The McAfee Firewall Enterprise product line includes additional tools for simplifying management: McAfee Firewall Reporter and McAfee Firewall Enterprise Control Center.

Included at no additional cost, McAfee Firewall Reporter software turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring, and correlated alerting and reporting. Choose from more than 500 graphical reports to depict network traffic and help meet all major regulatory requirements.

Sold separately, McAfee Firewall Enterprise Control Center offers centralized firewall policy management for multiple McAfee Firewall Enterprise appliances. It lets you maximize operational efficiency, simplify policy control, optimize rules, streamline software updates, and demonstrate regulatory compliance. You can even compare policy configurations on all of your McAfee Firewall Enterprise Control Centermanaged devices to ensure consistency across your network. Robust configuration management lets you centrally track, trace, and validate all policy changes.

Furthermore, McAfee Firewall Enterprise Control Center integrates with McAfee ePolicy Orchestrator® (McAfee ePO™) software, providing it with visibility into firewall health data and reports.

The Most Secure Firewall Hardware Platform

At its core, McAfee Firewall Enterprise runs on the high-speed, high assurance McAfee SecureOS operating system. Patented McAfee Type Enforcement technology secures the OS itself for an unparalleled level of platform security. Perhaps it is why McAfee SecureOS has an unparalleled CERT advisory record: no emergency security patches have ever been required.

The preconfigured operating system security policy prevents compromises, and the entire operating system is compartmentalized so attackers cannot disrupt its work.

These extra steps allowed us to be the first firewall to achieve Common Criteria EAL 4+ certification with US DoD Protection Profile compliance.

Because of our innovation and advanced security, the McAfee Firewall Enterprise protects 15,000 networks around the world, including thousands of government agencies, Fortune 500 organizations, and seven of the top 10 financial institutions. Put us to work protecting you.

Specifications:

Which Firewall Enterprise Appliance is right for you?

McAfee Firewall Enterprise Specifications
Models S1104 S2008 S3008 S4016 S5032 S6032 S7032-XX
Hardware Specifications1
Form factor mini 1U 1U 1U Enterprise 1U Enterprise 2U Enterprise 2U Enterprise 2U
Unlimited user licenses Yes Yes Yes Yes Yes Yes Yes
Recommended users 200 300 600 Med-Large3 Med-Large3 Large3 Large3
RAID N/A N/A N/A RAID 1 RAID 1 RAID 5 RAID 5
Maximum network modules N/A N/A N/A 1 3 3 24
1 Gb copper interfaces (base/max) 4 8 8 8/16 8/32 8/32 8/164
1 Gb fiber interface option (maximum) N/A N/A N/A 8 24 24 84
10 Gb fiber interface option (maximum) N/A N/A N/A 6 18 18 44
Encrypted Filtering Acceleration N/A N/A Integrated Integrated Integrated Integrated N/A
Out-of-band management (status, temperature, voltage, on/off, and more) Serial Console Only Serial Console Only Yes Yes Yes Yes Yes
Regulatory compliance BSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (US), UL (US), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia), CCC (China), SABS (South Africa), IRAM (Argentina), NOM (Mexico)
Performance1
Firewall performance (maximum)2 750 Mbps 1.0 Gbps 4.0 Gbps 9.0 Gbps 12.0 Gbps 15.0 Gbps 12.0 Gbps
Threat Prevention2 250 Mbps 1.0 Gbps 2.0 Gbps 3.0 Gbps 5.0 Gbps 6.0 Gbps 5.0 Gbps
McAfee AppPrism2 100 Mbps 1.0 Gbps 2.0 Gbps 7.5 Gbps 10.0 Gbps 12.0 Gbps 10.0 Gbps
Concurrent Sessions2 200,000 500,000 750,000 1,500,000 3,000,000 4,000,000 3,000,000
New sessions per second2 5,000 15,000 20,000 35,000 50,000 70,000 50,000
IPSec VPN throughput (AES)2 60 Mbps 250 Mbps 350 Mbps 400 Mbps 450 Mbps 500 Mbps 450 Mbps
IPSec VPN maximum number of tunnels2 250 1,000 2,000 4,000 8,000 10,000 8,000
Dimensions, Weight, Environmental
Width 16.9 in
42.93 cm
16.9 in
42.93 cm
17.2 in
43.8 cm
17.4 in
44.3 cm
Depth 8.5 in
21.59 cm
28.0 in
71.12 cm
24.4 in
61.87 cm
26.8 in
68.1 cm
Height 1.7 in
4.32 cm
1.7 in
4.32 cm
1.7 in
4.32 cm
3.4 in
8.64 cm
Weight 10.93 lbs
4.96 kg
25 lbs
11.34 kg
22 lbs
9.98 kg
30 lbs (est)
13.61 kg
Power supply details 100 W
110/220 V
350 W
110/220 V
Dual 400 W
110/220 V
Dual 750 W
110/220 V
Operating temperature 0º C – 35º C
32º F – 95º F
10º C – 35º C
50º F – 95º F

1 All specification and performance results are based on the S-series of appliances.
2 V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.
3 Please contact your McAfee representative to determine proper sizing for your needs.
4 Maximum of two network modules supported (of any type), maximum of one 10 Gb network module supported (with a maximum of four transceivers populated).

Firewall Enterprise Additional Features:

McAfee AppPrism™—application, discovery, and control including:
  • Packet, stateful, and full application filtering
  • Full application discovery and control
  • Multiple delivery options, including multi-firewall appliances (one appliance managing up to 32 virtual firewalls), McAfee Firewall Enterprise for Riverbed, McAfee Firewall Enterprise for Crossbeam, and a virtual firewall appliance
  • Network address translation (NAT)

McAfee AppPrism categories

  • Anonymizers/proxies
  • Authentication services
  • Business web applications
  • Content management
  • Commercial monitoring
  • Database
  • Directory services
  • Email
  • Encrypted tunnels
  • Enterprise resource planning (ERP)/customer relationship management (CRM)
  • Filesharing
  • Gaming
  • Instant messaging
  • Infrastructure services
  • IT utilities
  • Mobile software
  • Peer-to-peer (P2P)
  • Photo/video sharing
  • Remote administration
  • Remote desktop/terminal services
  • Social networking
  • Software/system updates
  • Storage
  • Streaming media
  • Toolbars and PC utilities
  • Voice over IP (VoIP)
  • VPN
  • Webmail
  • Web browsing
  • Web conferencing

Authentication

  • Local
  • Microsoft Active Directory
  • Transparent identities for Active Directory (McAfee logon collector)
  • LDAP (Sun, Open LDAP, Custom LDAP)
  • RADIUS
  • Microsoft Windows domain authentication
  • Microsoft Windows NTLM authentication
  • Passport (single sign-on)
  • Strong authentication (SecurID)
  • Supports CAC authentication
High availability
  • Active/active
  • Active/passive
  • Stateful session failover
  • Remote IP monitoring

Global threat intelligence

  • McAfee Global Threat Intelligence™ network connection reputation
  • Geo-location filtering
  • McAfee Labs™
Encrypted application filtering
  • SSH
  • SFTP
  • SCP
  • Bidirectional HTTPS decryption and re-encryption

Intrusion prevention system (IPS)

  • More than 10,000 signatures
  • Automatic signature updates
  • Custom signatures
  • Preconfigured signature groups

Anti-virus and anti-spyware

  • Protects against spyware, Trojans, and worms
  • Heuristics
  • Automatic signature updates

Web filtering

  • Integrated McAfee SmartFilter® filtering and management
  • Block Java, Active-X, JavaScript, SOAP

Anti-spam

  • McAfee Global Threat Intelligence network connection reputation

VPN

  • IKEv1 and IKEv2
  • DES, 3DES, AES-128, and AES-256 encryption
  • SHA-1 and MD5 authentication
  • Diffie-Hellmann groups 1, 2, and 5
  • Policy-restricted tunnels
  • NAT-T
  • Xauth

Documentation:

PDF File
Download the McAfee Firewall Enterprise Datasheet (PDF).