McAfee Firewall Enterprise - Advanced Network Firewall Security

McAfee Firewall Enterprise

Proxy-based firewall designed for the world’s highest security networks

Next Steps:


McAfee Firewall Enterprise defends critical assets, such as regulated data repositories (customer, financial, and healthcare data), email and web servers, extranets, and data centers. This proxy-based firewall also offers application visibility and deep application controls for defense, delivers strong policy-based controls, blocks the latest threats, and eliminates unwanted traffic. Firewall Enterprise identifies users and sees the host applications actually used to initiate network connections. A first for the network security industry, this unique host and firewall integration works to identify potential anomalies and threats throughout the inside of an organization’s network.

Advanced firewall security capabilities, such as application identification, reputation-based global intelligence, automated threat feeds, encrypted traffic inspection (SSH/SSL), intrusion prevention, antivirus, and content/URL filtering, block attacks before they occur. Unlike other solutions, McAfee includes these additional security services at no additional charge.

Firewall Enterprise also includes enhanced firewall security powered by McAfee Global Threat Intelligence (GTI). McAfee GTI is a comprehensive cloud-based threat intelligence service. Already integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee’s GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Firewall Enterprise uses the McAfee GTI network connection reputation service to identify domains, IP addresses, and ports that may be hosting malware attacks, and block those attacks. Firewall Enterprise also uses web reputation to identify URLs that may be infected or hosting malware attacks, as well as sites hosting undesirable content.

McAfee also offers proven centralized management, right-click integration with ePolicy Orchestrator (McAfee ePO) software for endpoint data and mature migration tools to move from legacy firewalls to ours. Firewall Enterprise fully supports McAfee’s SIEM solutions too, including McAfee Enterprise Security Manager and McAfee Event Reporter, providing customizable views and reports for all firewalls across a customer’s global network. This high-assurance firewall solution offers very flexible deployment options — from virtualized software to custom-built hardware to availability on the Crossbeam high-performance platform and running on CloudShield’s trusted cyber platform. Firewall Enterprise is a best fit for organizations that need high-assurance security to protect critical assets inside the network as part of a layered defense strategy.

McAfee Firewall Enterprise Control Center (sold separately) — Offers centralized, enterprise-class network firewall policy management for global-scale deployments.

Features & Benefits

Consolidate security, leverage high-assurance features

Put the network firewall in charge of security again with integrated comprehensive network gateway protection technology, including:

  • Scalable policy enforcement (includes granular user and application controls)
  • IP reputation
  • Geo-location
  • Encrypted traffic inspection (SSH/SSL)
  • Antimalware
  • URL/web filtering
  • Antivirus
  • Network intrusion prevention
Restore policy compliance in the network

Establish control over network applications and ensure alignment with compliance requirements. Allow administrators to quickly and efficiently apply application and user-based policies written in business terms (e.g., a marketing manager can access Facebook apps, but a financial controller cannot). Also, gain visibility into rules that might impact existing rules, avoiding conflicts and duplication.

Use AppPrism for application controls

Discover, control, visualize, and protect thousands of network applications. With AppPrism, you can gain individual application function control within the application. You can use AppPrism at the group level, or at a very granular per user per application level.

Integrate with existing identity infrastructure

Align your firewall security rules directly with organizational policy statements. Integration with existing network identity infrastructure enables simple deployment while aligning network security with the organization system of record. With McAfee’s Network Integrity Agent, the firewall not only shows you who initiates a session (even within VDI environments), but identifies the host application they actually used to initiate the session. This provides increased visibility into potential anomalies and threats within your network.

Leverage millions of sensors worldwide

Harness the power of 100 million sensors worldwide, providing real-time threat feeds to deliver predictive and pro-active security protection. Greatly reduce your time to protection with automated threat feeds that are delivered without taking the network firewall offline.

Identify firewall rule optimizations

Simplify the firewall’s policy in real time. Eliminate the hours spent looking for overlapping, conflicting, or inactive rules. The intuitive interface immediately identifies firewall rule optimizations, as you modify or construct rules. This high-assurance solution also delivers mature rule migration tools to help migrate from existing and legacy firewalls to McAfee Firewall Enterprise.

Optimize rules management

Centrally manage from a handful up to thousands of firewalls regardless of software version, virtual or physical firewalls, or running different platforms, including Crossbeam or CloudShield. You can also generate reports, create rules, and selectively apply antivirus, IPS signatures, URL filtering, and more from a single screen. In addition, you can correlate firewall rules to users and applications to ease planning and network troubleshooting. Integration with McAfee ePolicy Orchestrator (McAfee ePO) software provides a holistic view of firewall health information and an understanding of desktop and server security posture. Integration with McAfee’s SIEM solutions provides customizable views and reports for all of the firewalls within an organization.

Provide security throughout the network

Deploy robust, flexible, and scalable security across your network, precisely where it’s needed with McAfee’s diverse set of powerful platforms. McAfee’s custom-built network appliances and availability to run on Crossbeam’s X-Series platforms address all performance and port density requirements, providing up to 58 Gbps of inspected traffic throughput. Deploy network security with confidence in untrusted environments by running McAfee Firewall Enterprise on the CloudShield CS-4000 trusted cyber platform. Multi-firewall appliances can consolidate up to 32 traditional standalone firewalls into a single, easy-to-manage, and cost-effective appliance. Our firewall virtual appliances secure intra-VM traffic among hosted machines within VMware ESX servers.

System Specifications

Hardware Specifications1 S1104 S2008 S3008 S4016 S5032 S6032
Form factor Small 1U 1U 1U Enterprise 1U Enterprise 2U Enterprise 2U
Unlimited user licenses Yes Yes Yes Yes Yes Yes
Recommended users 200 300 600 Med–Large3 Med–Large3 Large3
RAID N/A N/A N/A Yes Yes Yes
Maximum network modules N/A N/A N/A 1 3 3
1 Gb copper interfaces
4 8 8 8/16 8/32 8/32
1 Gb fiber interface option (max) N/A N/A N/A 8 24 24
10 Gb fiber interface option (max) N/A N/A N/A 6 18 18
Encrypted filtering acceleration N/A N/A Integrated Integrated Integrated Integrated
Out of band management (status, temp, voltage,
on/off, etc)
Serial Console Only Serial Console Only Yes Yes Yes Yes
Regulatory compliance BSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (U.S.), UL (U.S.), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia), CCC (China), SABS (South Africa), IRAM (Argentina), NOM (Mexico)
Firewall performance (max)2 750 Mbps 2.0 Gbps 4.0 Gbps 9.0 Gbps 12.0 Gbps 15.0 Gbps
Threat prevention2 250 Mbps 1.0 Gbps 2.0 Gbps 3.0 Gbps 5.0 Gbps 6.0 Gbps
McAfee AppPrism2 250 Mbps 1.0 Gbps 2.0 Gbps 7.5 Gbps 10.0 Gbps 12.0 Gbps
Concurrent sessions2 200,000 500,000 750,000 1,500,000 3,000,000 4,000,000
New sessions per second2 5,000 15,000 20,000 35,000 50,000 70,000
IPSec VPN throughput (AES)2 60 Mbps 250 Mbps 350 Mbps 400 Mbps 450 Mbps 500 Mbps
IPSec VPN max # of tunnels2 250 1,000 2,000 4,000 8,000 10,000
Dimensions, weight, environmental
Width 16.9 in
42.93 cm
16.9 in
42.93 cm
16.9 in
42.93 cm
17.2 in
43.8 cm
18.9 in
48.04 cm
18.9 in
48.04 cm
Depth 8.5 in
21.59 cm
28.0 in
71.12 cm
28.0 in
71.12 cm
24.4 in
61.87 cm
30.0 in
76.21 cm
30.0 in
76.21 cm
Height 1.7 in
4.32 cm
1.7 in
4.32 cm
1.7 in
4.32 cm
1.7 in
4.32 cm
3.4 in
8.71 cm
3.4 in
8.71 cm
Weight 10.93 lbs
4.96 kg
25 lbs
11.34 kg
25 lbs
11.34 kg
22 lbs
9.98 kg
40 lbs 18.14 kg 40 lbs 18.14 kg
Power supply details 100 W
110/220 V
350 W
110/220 V
350 W
110/220 V
Dual 400 W
110/220 V
Dual 750 W
110/220 V
Dual 750 W
110/220 V
Operating temperature 10ºC–35ºC

1. All specification and performance results are based on the S-series of appliances.
2. V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.
3. Please contact your McAfee representative to determine proper sizing for your needs.
4. Maximum of 2 network modules supported (of any type), maximum of one 10 Gb network module supported
(with a maximum of 4 transceivers populated).

Demos / Tutorials


Learn more about the features of McAfee Firewall Enterprise, including rule creation and web application protection, in this Quick Tips video series.

Awards / Reviews

CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With
CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With

Ranked by IT solution providers (SPs), CRN Research ranks the Top 25 must-have technology suppliers from a list of nearly 230 companies in 12 product categories that SPs need to consider when formalizing their partnerships today and for the future. 1,000 unique SPs of all types and sizes were surveyed.

Customer Stories


Ameresco protects remote plants with McAfee UTM Firewall.

  • Remote operation saved hundreds of hours each year
  • Firewall-to-firewall IPSec VPN tunneling enabled secure multilocation data exchange
  • Simple GUI and excellent uptime performance made part-time security officer a reality

Baptist Health

Baptist Health protects patient data and enforces internal Internet-use policies with McAfee Firewall Enterprise and McAfee SmartFilter, keeping employees productive and compliant.

  • McAfee Firewall Enterprise secured the network, including critical business applications
  • McAfee SmartFilter allowed enforcement of Internet usage policy, ensuring efficient and productive web access from users on the inside

County of Orange, California

Comprehensive McAfee web and email security solutions help County of Orange dramatically reduce spam levels and lower email administration costs.

  • Provided unified threat management and integration between all security products, enabling an end-to-end solution with enterprise-class security
  • Correctly identified 97% of email as spam and dropped it at the edge of the network

Frontier Airlines

McAfee provides a secure, reliable, and scalable network to fast-growing Frontier Airlines.

  • Secured a scalable, manageable enterprise firewall solution
  • Defended against all known and unknown threats, both inbound and outbound
  • Implemented greater control over network and application traffic both within the core network and at remote locations

Major Urban Utility Company

For more than a decade, a major urban utility has utilized McAfee Firewall Enterprise Edition to protect critical control systems.

  • Allowed Independent Systems Operator (ISO) networks to interconnect without jeopardizing the control network
  • Conducted vulnerability tests and confirmed that McAfee Firewall Enterprise Edition cannot be penetrated
  • Permitted patches and upgrades to be delayed without a risk to security
  • Ensured the ability to add a new rule in minutes

MidWestOne Financial Group

McAfee Firewall Enterprise, McAfee Web Gateway, and McAfee Email Gateway provide the foundation for MidWestOne’s Internet security strategy.

  • Comprehensive inbound threat protection and outbound data loss prevention for 250 email users
  • Strong antivirus protection for 550 desktops and laptops
  • Centrally managed security infrastructure through “single pane of glass” with McAfee ePO software
  • Significantly reduces helpdesk calls for spyware infections by half
  • Creates an improved standing with auditors and regulators

NYC Department of IT and Telecommunications

NYC Department of IT and Telecommunications uses McAfee for for vulnerability management, endpoint encryption, and other areas of security functionality.

  • Increased protection with a savings of $18 million
  • Provided centralized control across highly distributed IT environment


McAfee Firewall Enterprise prepares PlantCML to defend against new threats in the next generation of 911 VoIP-based call centers.

  • Protected critical emergency service infrastructures from possible sabotage
  • Secured unbreakable protection for the next generation of IP-based emergency call centers
  • Established secure connections between customers and the network operations center

Public Utility District, United States

McAfee strengthens the network perimeter for this large public utility district.

  • Prevented 30,000 – 50,000 unwanted emails from entering the network each day
  • Increased user productivity without jeopardizing security
  • Provided strong security for both corporate IT and critical infrastructure networks
  • Protected against blended Internet and insider threats
  • Improved efficiency for the IT department, reducing administration, overhead, and costs

SIM University

SIM University uses McAfee Firewall Enterprise to protect its data center.

  • Provide a multilayered defense against security threats
  • Amplify network bandwidth and dramatically improve throughput
  • Increase availability of learning management system to more than 99.9 percent
  • Free up IT administration time of security staff


Data Sheets

McAfee Firewall Management

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Firewall Enterprise on CloudShield

For a technical summary on the McAfee product listed above, please view the product data sheet.

McAfee Firewall Enterprise — Army Information Assurance Approved Products List

For a technical summary on the McAfee product listed above, please view the product data sheet.

Solution Briefs

Ensure Compliance and Automate Change Management of McAfee Enterprise Firewalls

The combination of McAfee Firewall Enterprise and Skybox Firewall Assurance, Skybox Network Assurance, and Skybox Change Manager continuously validate that your McAfee Firewall Enterprise solutions are optimally and securely configured to ensure continuous compliance, block unauthorized activity, and securely automate change management.

Simplify Management of Complex Firewall Policies

AlgoSec Security Management Suite automates the analysis of McAfee Firewall Enterprise policies to ensure they are optimized, compliant, and securely configured.

Eight “Must-Have” Firewall Rules

Centralize firewall management and keep unwanted traffic off your network.

McAfee Firewall Enterprise Virtualization Solutions

The unparalleled security you’re accustomed to in McAfee Firewall Enterprise (Sidewinder) is now available in two additional delivery formats. The first is McAfee Firewall Enterprise, Virtual Appliance. The second is McAfee Firewall Enterprise, Multi-Firewall Edition, provided in partnership with VMware.

White Papers

Solving Critical Challenges of the Virtualized Data Center

Brocade and McAfee have partnered on a portfolio of offerings that seamlessly blend network innovations and security management to address the challenges of both physical and virtual environments.




McAfee Communities : All Content - Firewall Enterprise (Sidewinder)