McAfee Next Generation Firewall

Superior highly available, scalable, and flexible protection against the latest advanced threats

Overview

McAfee Next Generation Firewall (NGFW) protects enterprise networks with high-performance, intelligence-aware security controls supported by real-time updates from McAfee’s Security Connected ecosystem. This enables McAfee to deliver the industry’s best evasion prevention along with complete next-generation firewall protections when and where you need them: remote sites, branch offices, data centers, and the network edge.

The McAfee Next Generation Firewall solution starts with a solid foundation of protections, including granular application control, intrusion prevention system (IPS), built-in virtual private network (VPN), and deep packet inspection — all in an efficient, extensible, and highly scalable unified design. Then McAfee adds powerful anti-evasion technologies that decode and normalize network traffic — before inspection and across all protocol layers — to expose and block the most advanced attack methods.

Unified software core — Add security features and capacity, without disrupting your network. With McAfee Next Generation Firewall, a single system design serves multiple roles — next-generation firewall, Layer 2 firewall, firewall/VPN, IPS, remote access gateway, and application control. Integrate multiple security capabilities in a single device, with a single management environment, yet pay only for what you use. Get started with a low initial purchase price, and expand capabilities as needed while keeping TCO low.

Protection against advanced evasion techniques — Get built-in defense against a new class of sophisticated attacks. McAfee Next Generation Firewall analyzes the content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing protection against advanced persistent threats and other undesirable traffic.

Centralized management — A single, powerful management platform centrally controls all of the firewalls throughout your corporate infrastructure and remote sites, increasing management efficiency and lowering TCO. Administrators can easily build and apply rules for complex environments — including software, physical, or virtual devices. Actionable reports and a single management system provide real-time visibility into your security posture.

High availability and scalability — Support the security demands of data centers that must deliver uninterrupted uptime and protection. Built-in clustering and traffic load balancing provide native active-active operation for up to 16 nodes, which can be different models and different OS, at operating speeds up to 120 Gbps, without requiring a third-party clustering or load balancing product. This flexible design delivers high availability and high throughput.

Features & Benefits

Security Connected

The McAfee Security Connected threat ecosystem enables rapid sharing of extensive real-time threat information, empowering organizations to fight cybercrime with the latest global and local threat knowledge. Security Connected enables McAfee Next Generation Firewall to leverage threat information from other McAfee security solutions and a wide variety of third-party sources.

Adapts easily to your security needs

McAfee Next Generation Firewall easily changes security roles — from NGFW, to IPS, or Layer-2 firewall. A unified software core serves to optimize the data plane, providing a significant performance advantage regardless of security role or number of active security features. For even more flexibility, McAfee Next Generation Firewall can be deployed in a wide variety of formats — as a physical appliance, software solution, virtual appliance, or as virtual contexts on a physical appliance.

High availability and scalability

Native active-active clustering and load balancing of up to 16 appliances, running different models and software versions within the same cluster, provides scalability and high availability in demanding data center environments and situations where processing-intensive security applications, such as deep inspection or VPNs, require more performance.

Application control

Enforce granular application usage policies based on individual users, user groups, traffic type, target or source IP address, interface or domain name, time, and day of the week. This enables better security and network bandwidth management.

Advanced Evasion Technique (AET) prevention

Defend against sophisticated AETs, typically used by attackers to obtain access into protected networks and launch advanced persistent threats. Always up to date, this critical layer of protection stops emerging network-based attacks that can bypass other next-generation firewalls.

Centralized management

Use a single, powerful, and highly scalable management console for expanded visibility into your entire network. Centralized management reduces operational costs and eliminates chaos by unifying control of network security devices in the data center, at remote sites, and throughout the corporate infrastructure.

Management System

McAfee Security Management Center

See the big picture across your distributed network, while lowering operational costs with McAfee Security Management Center. Our intuitive and scalable centralized management platform provides unparalleled situational awareness of critical network security events. A simple interface keeps you informed of the latest events on your network, including where attacks originate, active sessions, anomalous traffic, and more. McAfee Security Management Center provides control across a variety of McAfee Next Generation Firewall hardware, software, and virtual devices throughout your enterprise — enabling consistent protection and efficient maintenance for branch sites, internal network segments, and data centers.

Reduce total cost of ownership
Manage more with fewer resources. With McAfee Security Management Center, you can automate routine tasks, reuse policies, and utilize numerous shortcuts, saving time and money. All tasks, including initial deployments, can be performed through the centralized management console — streamlining configuration, maintenance, and support.

Efficiency gains
Streamlined workflows guide administrators through daily security management tasks, enabling fast drill-down into policies, logs, and reports. Even greater efficiencies are realized in large, distributed environments with multiple firewalls, where administrators benefit from reusable policies and tasks, unified monitoring, and centralized reporting.

Situational awareness
Easily accessible statistical reports and visualizations help you understand your environment immediately, highlighting any anomalies found.

Third-Party Validation

NSS Labs Recommended for three years in a row: 2012, 2013, and 2014.

McAfee Next Generation Firewall products achieved passing grades in all five rigorous testing categories to win placement in the “NSS Labs Recommended” category for the third year in a row. In addition, McAfee NGFW has earned a favorable position on the NSS Labs Security Value Map (SVM).

Next Generation Firewall Product Analysis — NSS Labs, October 2014

McAfee NGFW 1402 appliance was subjected to a battery of tests by independent testing outfit NSS Labs. Comprehensive testing was performed using vendor recommended out-of-the-box settings in five major areas including evasions, stability and reliability, application control, identity awareness, and firewall policy enforcement.

Security Value Map — NSS Labs, October 2014

McAfee NGFW 1402 appliance is compared directly with 11 competitive next-generation firewall products. Detailed comparisons are provided across the categories of security, performance, and total cost of ownership (TCO) and presented in an aggregated graph.

Throughput and Scalability Report McAfee NGFW 5206 — Miercom, October 2014

Independent testing lab Miercom performed comprehensive throughput and scalability testing on the McAfee NGFW 5206 appliance. Testing was performed with application control, deep packet inspection, and antivirus enabled, and in configurations of one to four clusters.

Calculating the Business Value of Next Generation Firewall — IDC, October 2014

This white paper articulates the business benefits derived by companies that have deployed an NGFW solution. The data is based on in-depth interviews with eight McAfee customers. These companies were mostly large organizations with an average employee base of 7,082. Interviewees came from a variety of industries — energy, financial services, manufacturing, retail, service provider, technology, and education.

Lab Validation Report — ESG, April 2014

This report presents the results of ESG Lab hands-on testing of McAfee Next Generation Firewall. The evaluation validates the solution’s capability to deliver scalable, highly available network security that goes beyond the basic requirements of a next-generation firewall.

Advanced Network Protection with McAfee Next Generation Firewall — SANS, June 2014

See what the SANS Institute says about the management features and advanced security capabilities of McAfee Next Generation Firewall.

Product Modules

McAfee Firewall/VPN Product Modules

McAfee Firewall/VPN provides highly available, centrally managed network security to optimize business continuity for distributed enterprises. McAfee Firewall/VPN creates a protective perimeter around your company, preventing attacks and securing your data communications, all in an easy-to-deploy and manage solution.

McAfee Firewall/VPN is built with the unified software core of McAfee Next Generation Firewall. So, as your business grows, your firewall can be easily upgraded and augmented with additional features, functions, and capabilities with a simple change of your license key.

High availability
Unique technologies provide your enterprise with always-on connectivity for uninterrupted protection with zero downtime. Update and upgrade at any time without service connection breaks.

Advanced security
McAfee Firewall/VPN utilizes multilayer inspection technology to detect and block advanced evasion techniques that can easily bypass many network security devices. Additionally, McAfee Firewall/VPN is hardened with strong encryption to meet the most demanding security requirements.

Easy to manage
McAfee NGFW appliances are administered via the Security Management Center, saving you time and money. Plug-and-play deployments, task automation, policy replication, and advanced visualizations streamline administrative tasks.

Technologies

McAfee Next Generation Firewall integrates industry-leading technologies to provide top performance, advanced threat protection, and seamless deployment.

Customer Stories

Carglass

McAfee Next Generation Firewall solution helped Carglass significantly reduce time and resources for their network management.

Highlights
  • Rapid deployment and immediate ROI.
  • Significant drop in time and resources needed for network management.
  • A scalable and secure network infrastructure to support a growing footprint of mobile sites.

Cegedim

Founded in 1969, Cegedim is a global provider of technology and data services to healthcare organizations, life sciences companies, healthcare professionals, and insurance companies. 

Highlights
  • High performance to meet the throughput requirements of a large, multinational network.
  • Scalability to adapt as company’s requirements change and grow.
  • Robust firewall protection at every Cegedim site.
  • Centralized management of global security environment for cost savings and efficiency.
  • Flexibility to enable granular, service-level policy definitions.

CEMEX

CEMEX is a global building materials company that produces, distributes, and sells cement, concrete, aggregates, and related building materials and services to customers and communities throughout the Americas, Europe, Africa, Asia, and the Middle East. Based in Monterrey, Mexico, CEMEX employs more than 43,000, with operations in 50 countries spanning four continents. The company is also the world’s leading supplier of ready-mix concrete.

Highlights
  • Safeguards against zero-day advanced persistent threats without signature updates.
  • Greatly diminishes administrative time, from defining policies to repairing workstations.
  • Protects more than 26,000 endpoints from email, web, and application-generated attacks.
  • Provides streamlined and integrated management of large, global security platform.

Cobweb Solutions

Cobweb Solutions offers a range of hosted communication tools, including email, SharePoint, virtual desktops, hybrid cloud and web hosting, as well as multiple cloud solutions.

Highlights
  • Easy-to-use, centralized management.
  • Manage security holistically and in real time.
  • Reduce network configuration time from hours to minutes.

Fusion Media Networks

McAfee Next Generation Firewall solution provides Fusion with a clear view of its clients’ data, enabling the company to offer full protection against threats, regardless of location.

Highlights
  • McAfee Security Management Center reduced administrative costs by 30%.
  • Built-in defense against AETs.
  • Protection against threats allows customers to concentrate on core business activities.

RWTH Aachen

McAfee Next Generation Firewall secures incoming and outgoing network traffic at RWTH Aachen, while maintaining high performance and availability.

Highlights
  • Robust multitenancy for rapid troubleshooting and support.
  • Ability to perform maintenance and operation while system is running.
  • Efficient and user-friendly administration.

Resources

Data Sheets

McAfee Firewall/VPN Appliance Comparison

Download a technical comparison of all McAfee Firewall/VPN appliances.

McAfee Security Management Center

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall Appliance Comparison

Download a technical comparison of all McAfee Next Generation Firewall appliances.

McAfee Firewall/VPN

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall Roles and Licensing Options

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall Modules

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall MIL-320

For technical specifications on the McAfee product listed above, please view the product data sheet.

Additional Subscriptions for McAfee Next Generation Firewall

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Virtual Contexts

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall S-Model Appliance Specifications

Find detailed technical specifications for six models of the McAfee Next Generation Firewall S-series.

Design & Implementation

McAfee Next Generation Firewall: Design and Implementation Guide

The McAfee Next Generation Firewall Design and Implementation Guide provides best practice designs and configuration steps for some of the most common use cases that enterprises will encounter.

Infographics

McAfee Next Generation Firewall Business Value Snapshot — IDC

This infographic breaks down the benefits of McAfee Next Generation Firewall according to ROI, response time improvement, productivity, and more.

The Top 20 Critical Controls for Effective Cyber Defense

View SANS poster

Does Your Firewall Pass the Test?

ESG Labs designed four tests to represent the major challenges that network administrators face in their day-to-day work, and McAfee Next Generation Firewall passed them all.

Legacy Products

McAfee Next Generation Firewall Specification Sheet - Legacy Products

This data sheet includes a list of the latest supported software versions, supported feature packs, supported interface modules, and end-of-support and end-of-life dates for legacy Next Generation Firewall products.

Reports

Security Value Map — NSS Labs

McAfee NGFW 5206 appliance is compared directly with 11 competitive next-generation firewall products. Detailed comparisons are provided across the categories of security, performance, and total cost of ownership (TCO) and presented in an aggregated graph.

Throughput and Scalability Report McAfee NGFW 5206 — Miercom

Independent testing lab Miercom performed comprehensive throughput and scalability testing on the McAfee NGFW 5206 appliance. Testing was performed with application control, deep packet inspection, and antivirus enabled, and in configurations of one to four clusters.

McAfee Next Generation Firewall review by Frank Ohlhorst, Enterprise Networking Planet

Threats aimed at corporate entities and enterprises are rapidly evolving, with targeted attacks becoming the norm and advanced persistent threats (APTs) increasing. What's more, APTs have been further fueled by the rise of advanced evasion techniques (AETs), which help APTs bypass firewalls, security appliances, and endpoint security products. The answer to APTs and AETs is advanced next-generation firewall software. This technology review examines the McAfee Next Generation Firewall solution that's designed to quell today's security concerns by combining a plethora of security technologies with obfuscation techniques that successfully thwart attacks.

McAfee Next Generation Firewall: Optimize Your Defense, Resilience, and Efficiency

This eBook provides an in-depth overview of the features and benefits of the technologies within McAfee Next Generation Firewall.

NSS Labs Next Generation Firewall Product Analysis — NGF-1402 v5.7.1

McAfee Next Generation Firewall awarded NSS Labs’ “Recommended” for the third year in a row.

What's Next: Industry Experts Speak Out on Advanced Evasion Techniques (Europe)

Find out what industry experts from the US and Europe are saying about advanced evasion techniques (AETs). You’ll learn why they are a growing concern, why technology alone is not enough to keep them in check, and how they will shape the future of enterprise security.

SANS Report – Advanced Network Protection with McAfee Next Generation Firewall

Evaluating next generation firewalls? See what the SANS Institute says about the management features and advanced security capabilities of the McAfee Next Generation Firewall.

What's Next: Industry Experts Speak Out on Advanced Evasion Techniques

Get our experts' opinions on advanced evasion techniques (AETs), the delivery mechanisms used to disguise advanced persistent threats (APTs) and permit them to slip through network security undetected.

ESG Lab Validation Report: McAfee Next Generation Firewall

This report presents the results of ESG Lab’s hands-on testing of McAfee Next Generation Firewall. The evaluation validates the solution’s capability to deliver scalable, highly available network security that goes beyond the basic requirements of a next-generation firewall.

Report Summary: The Security Industry’s Dirty Little Secret

This report summarizes why understanding how AETs play a critical role in an APT attack is vital to protecting any organization.

The Security Industry’s Dirty Little Secret

Advanced evasion techniques (AETs) are one of the dirty little secret weapons hackers use to bypass security systems and penetrate even the most locked-down networks. While AETs are not a secret among the hacking community, where they are well known and have been in widespread use for several years, there are misunderstandings, misinterpretation, and ineffective safeguards in use by the security experts charged with blocking AETs.

Advanced Attacks Demand New Defenses

Security threat and response is a vicious circle of escalating (and increasingly cagey) attacks and sophisticated (and increasingly costly) defenses. The latest generation of malware includes deviously creative evasive techniques crafted to exploit ambiguities in the Internet’s underlying technology, flaws in network software stacks, and limitations of security appliances. In this report, we discuss these techniques, how IT teams can test their level of exposure, and how to detect and block attacks using advanced packet normalization.

Advanced Evasion Techniques for Dummies

Welcome to Advanced Evasion Techniques For Dummies, your guide to the security evasion techniques that have become a serious preoccupation of the IT industry.

Solution Briefs

Advanced Threat Defense for Next-Generation Firewalls

Next-generation firewalls certainly offer expanded network security for branch offices and remote locations, but they can’t find and block stealthy, advanced malware. Through the Security Connected approach from McAfee, Advanced Threat Defense and McAfee Next Generation Firewall work hand-in-hand to find and freeze today’s evasive and targeted cyberattacks.

McAfee Next Generation Firewall: Services solutions for Managed Service Providers (MSP)

With threats from cyberattacks on the rise and access to advanced skill sets in short supply, organizations are looking to Managed Service Providers to outsource and fill the gap. McAfee Next Generation Firewall offers the advanced security, flexibility, and multitenant control needed to protect businesses while growing yours.

White Papers

Calculating the Business Value of Next Generation Firewall — IDC

This white paper articulates the business benefits derived by companies that have deployed an NGFW solution. The data is based on in-depth interviews with eight McAfee customers. These companies were mostly large organizations with an average employee base of 7,082. Interviewees came from a variety of industries — energy, financial services, manufacturing, retail, service provider, technology, and education.

Demand More of Your Next-Generation Firewall

Get intelligence-aware capabilities that encompass your entire network security infrastructure.

Conquer the Top 20 Critical Security Controls

The strength of the Critical Security Controls (CSCs) is their ability to reflect the consensus of successful experiences captured and refined over multiple revisions. The CSCs help organizations break down operational silos by providing a pragmatic blueprint detailing where to focus efforts to achieve the greatest results. This white paper maps the quick wins within the first five CSCs to associated McAfee products, services, and partner solution capabilities — all part of the Security Connected platform.

Network Management and Operational Efficiency

In this white paper, we look at how McAfee Security Management Center, which is included in McAfee Next Generation Firewall, enables IT administrators to be more efficient, especially as their networks increase in complexity. Simple, scalable, and cost effective, McAfee Security Management Center has received consistently high customer satisfaction ratings over the past 10 years.

Next-Generation Availability and Scalability

In today’s dynamic economic climate, network availability and performance are more important than ever before. An enterprise’s success depends on a well-functioning, secure network. Instead of a bolt-on approach to network security, built-in network availability and performance solutions such as McAfee Next Generation Firewall can simplify network security while boosting performance and keeping costs down.

Protect Against Advanced Evasion Techniques — Essential Design Principles

Cybercriminals are exploiting vulnerabilities in network security systems at a greater rate than ever before. Learn how to protect against advanced evasion techniques (AETs) and avoid becoming a victim.

Augmented VPN

McAfee Augmented VPN provides a simple and cost-effective way to create fast, secure, high-capacity connections between sites and ensure uninterrupted Internet connectivity. This white paper examines challenges faced by companies using traditional VPN solutions, and outlines how the McAfee Augmented VPN solution addresses those issues.

McAfee Multi-Link

McAfee Multi-Link technology, built into McAfee Next Generation Firewall, provides highly available Internet connectivity in a simple, straightforward, and cost-effective manner.