McAfee Firewall Enterprise - Advanced Network Firewall Security

McAfee Firewall Enterprise

Proxy-based firewall designed for the world’s highest security networks

Next Steps:

Overview

McAfee Firewall Enterprise defends critical assets, such as regulated data repositories (customer, financial, and healthcare data), email and web servers, extranets, and data centers. This proxy-based firewall also offers application visibility and deep application controls for defense, delivers strong policy-based controls, blocks the latest threats, and eliminates unwanted traffic. Firewall Enterprise identifies users and sees the host applications actually used to initiate network connections. A first for the network security industry, this unique host and firewall integration works to identify potential anomalies and threats throughout the inside of an organization’s network.

Advanced firewall security capabilities, such as application identification, reputation-based global intelligence, automated threat feeds, encrypted traffic inspection (SSH/SSL), intrusion prevention, antivirus, and content/URL filtering, block attacks before they occur. Unlike other solutions, McAfee includes these additional security services at no additional charge.

Firewall Enterprise also includes enhanced firewall security powered by McAfee Global Threat Intelligence (GTI). McAfee GTI is a comprehensive cloud-based threat intelligence service. Already integrated into McAfee security products, it works in real time, 24 hours a day, to protect customers against cyberthreats across all vectors — file, web, message, and network. McAfee GTI offers the broadest threat data, most robust data correlation, and most complete product integration in the industry. McAfee’s GTI network allows enabled products to evaluate threats on multiple vectors in real time, leading to faster identification of threats and higher capture rates. Firewall Enterprise uses the McAfee GTI network connection reputation service to identify domains, IP addresses, and ports that may be hosting malware attacks, and block those attacks. Firewall Enterprise also uses web reputation to identify URLs that may be infected or hosting malware attacks, as well as sites hosting undesirable content.

McAfee also offers proven centralized management, right-click integration with ePolicy Orchestrator (McAfee ePO) software for endpoint data and mature migration tools to move from legacy firewalls to ours. Firewall Enterprise fully supports McAfee’s SIEM solutions too, including McAfee Enterprise Security Manager and McAfee Event Reporter, providing customizable views and reports for all firewalls across a customer’s global network. This high-assurance firewall solution offers very flexible deployment options — from virtualized software to custom-built hardware to availability on the Crossbeam high-performance platform and running on CloudShield’s trusted cyber platform. Firewall Enterprise is a best fit for organizations that need high-assurance security to protect critical assets inside the network as part of a layered defense strategy.

McAfee Firewall Enterprise Control Center (sold separately) — Offers centralized, enterprise-class network firewall policy management for global-scale deployments.

Features & Benefits

Consolidate security, leverage high-assurance features

Put the network firewall in charge of security again with integrated comprehensive network gateway protection technology, including:

  • Scalable policy enforcement (includes granular user and application controls)
  • IP reputation
  • Geo-location
  • Encrypted traffic inspection (SSH/SSL)
  • Antimalware
  • URL/web filtering
  • Antivirus
  • Network intrusion prevention
Restore policy compliance in the network

Establish control over network applications and ensure alignment with compliance requirements. Allow administrators to quickly and efficiently apply application and user-based policies written in business terms (e.g., a marketing manager can access Facebook apps, but a financial controller cannot). Also, gain visibility into rules that might impact existing rules, avoiding conflicts and duplication.

Use AppPrism for application controls

Discover, control, visualize, and protect thousands of network applications. With AppPrism, you can gain individual application function control within the application. You can use AppPrism at the group level, or at a very granular per user per application level.

Integrate with existing identity infrastructure

Align your firewall security rules directly with organizational policy statements. Integration with existing network identity infrastructure enables simple deployment while aligning network security with the organization system of record. With McAfee’s Network Integrity Agent, the firewall not only shows you who initiates a session (even within VDI environments), but identifies the host application they actually used to initiate the session. This provides increased visibility into potential anomalies and threats within your network.

Leverage millions of sensors worldwide

Harness the power of 100 million sensors worldwide, providing real-time threat feeds to deliver predictive and pro-active security protection. Greatly reduce your time to protection with automated threat feeds that are delivered without taking the network firewall offline.

Identify firewall rule optimizations

Simplify the firewall’s policy in real time. Eliminate the hours spent looking for overlapping, conflicting, or inactive rules. The intuitive interface immediately identifies firewall rule optimizations, as you modify or construct rules. This high-assurance solution also delivers mature rule migration tools to help migrate from existing and legacy firewalls to McAfee Firewall Enterprise.

Optimize rules management

Centrally manage from a handful up to thousands of firewalls regardless of software version, virtual or physical firewalls, or running different platforms, including Crossbeam or CloudShield. You can also generate reports, create rules, and selectively apply antivirus, IPS signatures, URL filtering, and more from a single screen. In addition, you can correlate firewall rules to users and applications to ease planning and network troubleshooting. Integration with McAfee ePolicy Orchestrator (McAfee ePO) software provides a holistic view of firewall health information and an understanding of desktop and server security posture. Integration with McAfee’s SIEM solutions provides customizable views and reports for all of the firewalls within an organization.

Provide security throughout the network

Deploy robust, flexible, and scalable security across your network, precisely where it’s needed with McAfee’s diverse set of powerful platforms. McAfee’s custom-built network appliances and availability to run on Crossbeam’s X-Series platforms address all performance and port density requirements, providing up to 58 Gbps of inspected traffic throughput. Deploy network security with confidence in untrusted environments by running McAfee Firewall Enterprise on the CloudShield CS-4000 trusted cyber platform. Multi-firewall appliances can consolidate up to 32 traditional standalone firewalls into a single, easy-to-manage, and cost-effective appliance. Our firewall virtual appliances secure intra-VM traffic among hosted machines within VMware ESX servers.

System Specifications

Hardware Specifications1 S1104 S2008 S3008 S4016 S5032 S6032
Form factor Small 1U 1U 1U Enterprise 1U Enterprise 2U Enterprise 2U
Unlimited user licenses Yes Yes Yes Yes Yes Yes
Recommended users 200 300 600 Med–Large3 Med–Large3 Large3
RAID N/A N/A N/A Yes Yes Yes
Maximum network modules N/A N/A N/A 1 3 3
1 Gb copper interfaces
(base/max)
4 8 8 8/16 8/32 8/32
1 Gb fiber interface option (max) N/A N/A N/A 8 24 24
10 Gb fiber interface option (max) N/A N/A N/A 6 18 18
Encrypted filtering acceleration N/A N/A Integrated Integrated Integrated Integrated
Out of band management (status, temp, voltage,
on/off, etc)
Serial Console Only Serial Console Only Yes Yes Yes Yes
Regulatory compliance BSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (U.S.), UL (U.S.), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia), CCC (China), SABS (South Africa), IRAM (Argentina), NOM (Mexico)
Performance1
Firewall performance (max)2 750 Mbps 2.0 Gbps 4.0 Gbps 9.0 Gbps 12.0 Gbps 15.0 Gbps
Threat prevention2 250 Mbps 1.0 Gbps 2.0 Gbps 3.0 Gbps 5.0 Gbps 6.0 Gbps
McAfee AppPrism2 250 Mbps 1.0 Gbps 2.0 Gbps 7.5 Gbps 10.0 Gbps 12.0 Gbps
Concurrent sessions2 200,000 500,000 750,000 1,500,000 3,000,000 4,000,000
New sessions per second2 5,000 15,000 20,000 35,000 50,000 70,000
IPSec VPN throughput (AES)2 60 Mbps 250 Mbps 350 Mbps 400 Mbps 450 Mbps 500 Mbps
IPSec VPN max # of tunnels2 250 1,000 2,000 4,000 8,000 10,000
Dimensions, weight, environmental
Width 16.9 in
42.93 cm
16.9 in
42.93 cm
16.9 in
42.93 cm
17.2 in
43.8 cm
18.9 in
48.04 cm
18.9 in
48.04 cm
Depth 8.5 in
21.59 cm
28.0 in
71.12 cm
28.0 in
71.12 cm
24.4 in
61.87 cm
30.0 in
76.21 cm
30.0 in
76.21 cm
Height 1.7 in
4.32 cm
1.7 in
4.32 cm
1.7 in
4.32 cm
1.7 in
4.32 cm
3.4 in
8.71 cm
3.4 in
8.71 cm
Weight 10.93 lbs
4.96 kg
25 lbs
11.34 kg
25 lbs
11.34 kg
22 lbs
9.98 kg
40 lbs 18.14 kg 40 lbs 18.14 kg
Power supply details 100 W
110/220 V
350 W
110/220 V
350 W
110/220 V
Dual 400 W
110/220 V
Dual 750 W
110/220 V
Dual 750 W
110/220 V
Operating temperature 10ºC–35ºC
50ºF–95ºF
10ºC–35ºC
50ºF–95ºF
10ºC–35ºC
50ºF–95ºF
10ºC–35ºC
50ºF–95ºF
10ºC–35ºC
50ºF–95ºF
10ºC–35ºC
50ºF–95ºF


1. All specification and performance results are based on the S-series of appliances.
2. V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.
3. Please contact your McAfee representative to determine proper sizing for your needs.
4. Maximum of 2 network modules supported (of any type), maximum of one 10 Gb network module supported
(with a maximum of 4 transceivers populated).

Demos / Tutorials

Tutorials

Learn more about the features of McAfee Firewall Enterprise, including rule creation and web application protection, in this Quick Tips video series.

Awards / Reviews

CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With
CRN Ranks McAfee in their 2013 Top 25 Best Companies to Partner With

Ranked by IT solution providers (SPs), CRN Research ranks the Top 25 must-have technology suppliers from a list of nearly 230 companies in 12 product categories that SPs need to consider when formalizing their partnerships today and for the future. 1,000 unique SPs of all types and sizes were surveyed.

Community

Blogs