McAfee Next Generation Firewall

Unified, modular security built for manageability, anti-evasion, and high availability


McAfee Next Generation Firewall integrates visionary security features with high availability and manageability, delivering advanced network protection across your entire enterprise — from corporate headquarters and branch sites to data centers and the network edge.

Combining application control, intrusion prevention system (IPS), and evasion prevention into a single, affordable solution, it is the only next-generation firewall solution to unite anti-evasion security with enterprise-scale availability, manageability, and flexibility so you can deploy security when and where you need it.

Unified software core — Add security features and capacity, without disrupting your network. With McAfee Next Generation Firewall, a single system design serves multiple roles — next-generation firewall, Layer 2 firewall, firewall/VPN, IPS, remote access gateway, and application control. Integrate multiple security capabilities in a single device, with a single management environment, yet pay only for what you use. Get started with a low initial purchase price, and expand capabilities as needed while keeping TCO low.

Protection against advanced evasion techniques — Get built-in defense against a new class of sophisticated attacks. McAfee Next Generation Firewall analyzes the content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing protection against advanced persistent threats and other undesirable traffic.

Centralized management — A single, powerful management platform centrally controls all of the firewalls throughout your corporate infrastructure and remote sites, increasing management efficiency and lowering TCO. Administrators can easily build and apply rules for complex environments — including software, physical, or virtual devices. Actionable reports and a single management system provide real-time visibility into your security posture.

High availability and scalability — Support the security demands of data centers that must deliver uninterrupted uptime and protection. Built-in traffic load balancing and clustering capabilities allow for native active-active clustering and load balancing for up to 16 nodes, where nodes can be different models and different OS that support operating speeds up to 120 Gbps — without requiring a third-party clustering or load balancing product. This flexible design delivers high availability and high throughput.

Features & Benefits

Deploy security as you need it

Choose from software, physical, and virtual appliances to match every budget and network architecture. IPv6 support is also available. With just a change in license keys, pick and choose security roles on the same platform: Next Generation Firewall, Evasion Prevention System (EPS), IPS, Layer 2 firewall, and firewall/VPN.

Maintain high availability

Native active-active clustering and load balancing of up to 16 appliances, running different models and software versions within the same cluster, provides scalability and high availability in demanding data center environments and situations where processing-intensive security applications, such as deep inspection or VPNs, require more performance.

User application controls to manage network usage

Define fine-grained application usage policies based on user or user group, traffic type, target or source IP address, interface or domain name, time, and day of the week to better manage network bandwidth and enforce appropriate usage policies.

Block advanced evasion techniques (AETs)

Defend against sophisticated AETs, typically used by attackers to obtain access into protected networks and launch advanced persistent threats. Always up to date, this layer of protection is critical to stop emerging network-based attacks that can bypass most security solutions by distributing payloads across multiple protocols.

Manage more with less

Use a single, powerful, and highly scalable management console for expanded visibility into your entire network. Centralized management reduces operational costs and eliminates chaos by unifying control of network security devices in the data center, at remote sites, and throughout the corporate infrastructure.

Management System

McAfee Security Management Center

With the McAfee Security Management Center, you see the big picture across your distributed network, while lowering operational costs. Our easy-to-deploy, intuitive, and scalable centralized management platform provides unparalleled situational awareness of critical network security events. Easy-to-use advanced visualizations inform you of what is happening in your network, including where attacks are coming from, active sessions, anomalous traffic, and more. McAfee Security Management Center provides control across a variety of McAfee Next Generation Firewall hardware, software, and virtual devices throughout your enterprise — enabling consistent protection and efficient maintenance for branch sites, internal network segments, and data centers.

Lower total cost of ownership
Manage more with fewer resources. With McAfee Security Management Center, you can automate routine tasks, reuse policies, and utilize numerous shortcuts, saving time and money. All tasks, including initial deployments, can be performed through the centralized management console — streamlining configuration, maintenance, and support.

Efficiency gains
Seamless workflows speed administrators through daily security management with our intuitive interface. Quickly and easily drill down into policies, logs, and reports. And, the more distributed the environment, with multiple firewalls, the more efficiency gained from reusable policies and tasks, unified monitoring, and centralized reporting.

Situational awareness
A picture can tell more than a thousand words. With easily accessible and recallable statistical reports and visualizations, McAfee Security Management Center will help you understand your entire environment, highlighting any anomalies found.

System Requirements

For a complete list of system requirements, download the data sheet.

McAfee Next Generation Firewall Specifications

  • IP address assignment
    • FW clusters: Static, IPv4, IPv6
    • FW single nodes: static, DHCP, PPPoA, PPPoE, IPv4, static IPv6
    • Services: DHCP Server and DHCP relay for IPv4
  • Address translation
    • IPv4, IPv6
    • Static NAT, source NAT with Port Address Translation (PAT), Destination NAT with PAT
  • Routing
    • Static IPv4 and IPv6 routes, policy-based routing, static multicast routing
  • Dynamic routing
    • IGMP proxy, RIPv2, OSPFv2, BGP, PIM-SM
  • IPv6
    • Dual stack IPv4/IPv6, ICMPv6, DNSv6
  • SIP
    • Allows RTP media streams dynamically, NAT traversal, deep inspection, interoperability with RFC3261 compliant SIP devices
  • CIS redirection
    • HTTP, FTP, SMTP protocols redirection to Content Inspection Server (CIS)
  • Antivirus (subscription required)
    • Scanned protocols
    • Engine
    • File-based, local signature database, automatic real-time updates
  • Antispam (subscription required)
    • Scanned protocols
    • Engine
    • Filtering methods
  • SMTP
    • Scoring-based spam detection
    • Customizable email envelope/header/content matching
    • Local antispoofing and relay
    • Honeypot filtering
    • SPF/MX record matching
    • DNS-based blacklists

General System Specifications

  • Supported Platforms
    • McAfee Appliances: 1035, 1065, 1302, 3202, 3206, 5206 appliances
    • Software Appliance: X86-based systems
    • Virtual Appliance: VMware ESX virtualization platforms
  • Supported Roles
    • Firewall/VPN (layer 3), IPS/IDS (layer 2), Layer 2 Firewall

Firewall/VPN-Specific Functionality

  • General
    • Stateful and stateless packet filtering, circuit-level firewall with TCP proxy protocol agent
  • Platform Certifications
    • VPN Consortium (VPNC) interoperability certified: Basic, AES, certification, IKEv2, and IPv6
    • ICSA Labs: Network IPS, Network Firewall, IPv6, High Availability, USGv6
    • VMware: Virtual appliance VMware ready certified
    • Q1Labs Log Event Enhanced Format (LEEF) certified
    • Microsoft IPSec VPN client certified for Windows Vista, Compatible with Windows 7

Awards & Reviews

NSS Labs
NSS Labs 2013 Next Generation Firewall Group Test “Recommended”

McAfee Next Generation Firewall (formerly Stonesoft FW-3202) received a "Recommended" rating in NSS Labs’ Next Generation Firewall (NGFW) Group Test. This is the second consecutive "Recommended" rating for NGFW.

NSS Labs
NSS Labs 2013 Network Firewall Group Test “Recommended”

McAfee Next Generation Firewall (formerly Stonesoft FW-1301) earned a "Recommended" rating in NSS Labs’ Network Firewall Group Test. In the thorough testing process, the product performed 100% for stability and reliability, firewall enforcement, and security effectiveness.

McAfee (Formerly Stonesoft) Positioned in the Visionaries Quadrant of the Gartner Magic Quadrant for Enterprise Network Firewalls

Gartner placed Stonesoft, now a part of McAfee, in the Visionaries Quadrant of its report, “Magic Quadrant for Enterprise Network Firewalls” published February 7, 2013. The evaluation in Gartner’s Magic Quadrant is based on completeness of vision and ability to execute. The report analyzes various vendors' strengths and weaknesses, and is essential reading for network security professionals.

Product Modules

McAfee Firewall/VPN

McAfee Firewall/VPN delivers optimum high availability, network security, and business continuity, all centrally managed by McAfee Security Management Center, to meet the needs of your distributed enterprise. McAfee Firewall/VPN creates a protective perimeter around your company, preventing attacks and securing your data communications, in an easy-to-deploy and manage solution.

McAfee Firewall/VPN is built with the unified software core of McAfee Next Generation Firewall. So, as your business grows, your firewall can be easily upgraded and augmented with additional features, functions, and capabilities with a simple change of your license key.

High availability
Unique technologies provide your enterprise with always-on connectivity, resulting in uninterrupted protection with zero downtime. Update and upgrade at any time without service connection breaks. Learn more about our high availability technologies.

Advanced security
McAfee Firewall/VPN utilizes multilayer inspection technology for detecting and blocking the advanced stealth cyberattack methods that easily bypass many network security devices. McAfee Firewall/VPN is hardened with strong encryption to meet the most demanding security requirements.

Easy to manage
McAfee appliances are administered via the Security Management Center, saving you time and money. Plug-and-play deployments, task automation, policy replication, and advanced visualizations help streamline administration and simplify tasks.


McAfee Next Generation Firewall integrates industry-leading technologies to provide top performance, advanced threat protection, and seamless deployment. Learn more about each of these technologies below, or see all integrated technologies.


Data Sheets

McAfee Next Generation Firewall

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall Appliance Comparison

Download a technical comparison of all McAfee Next Generation Firewall appliances.

McAfee Firewall/VPN

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall Roles and Licensing Options

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall Modules

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Firewall/VPN Appliance Comparison

Download a technical comparison of all McAfee Firewall/VPN appliances.

McAfee Security Management Center

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall MIL-320

For technical specifications on the McAfee product listed above, please view the product data sheet.

Additional Subscriptions for McAfee Next Generation Firewall

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Virtual Contexts

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall S-Model Appliance Specifications

Find detailed technical specifications for six models of the McAfee Next Generation Firewall S-series.

Design & Implementation

McAfee Next Generation Firewall: Design and Implementation Guide

The McAfee Next Generation Firewall Design and Implementation Guide provides best practice designs and configuration steps for some of the most common use cases that enterprises will encounter.


Does Your Firewall Pass the Test?

ESG Labs designed four tests to represent the major challenges that network administrators face in their day-to-day work, and McAfee Next Generation Firewall passed them all.

Legacy Products

McAfee Next Generation Firewall Specification Sheet - Legacy Products

This data sheet includes a list of the latest supported software versions, supported feature packs, supported interface modules, and end-of-support and end-of-life dates for legacy Next Generation Firewall products.


McAfee Next Generation Firewall: Optimize Your Defense, Resilience, and Efficiency

This eBook provides an in-depth overview of the features and benefits of the technologies within McAfee Next Generation Firewall.

NSS Labs Next Generation Firewall Product Analysis — NGF-1402 v5.7.1

McAfee Next Generation Firewall awarded NSS Labs’ “Recommended” for the third year in a row.

What's Next: Industry Experts Speak Out on Advanced Evasion Techniques (Europe)

Find out what industry experts from the US and Europe are saying about advanced evasion techniques (AETs). You’ll learn why they are a growing concern, why technology alone is not enough to keep them in check, and how they will shape the future of enterprise security.

SANS Report – Advanced Network Protection with McAfee Next Generation Firewall

Evaluating next generation firewalls? See what the SANS Institute says about the management features and advanced security capabilities of the McAfee Next Generation Firewall.

What's Next: Industry Experts Speak Out on Advanced Evasion Techniques

Get our experts' opinions on advanced evasion techniques (AETs), the delivery mechanisms used to disguise advanced persistent threats (APTs) and permit them to slip through network security undetected.

Data Center IPS Comparative Analysis: Total Cost of Ownership

By using total cost of ownership (TCO) instead of purchase price, it is possible to factor in management of the device via labor costs associated with product installation, maintenance, upkeep, and tuning.

ESG Lab Validation Report: McAfee Next Generation Firewall

This report presents the results of ESG Lab’s hands-on testing of McAfee Next Generation Firewall. The evaluation validates the solution’s capability to deliver scalable, highly available network security that goes beyond the basic requirements of a next-generation firewall.

Report Summary: The Security Industry’s Dirty Little Secret

This report summarizes how AETs play a critical role in an APT attack, an understanding that is vital to protecting any organization.

The Security Industry’s Dirty Little Secret

One of the dirty little secret weapons hackers use to bypass security systems and penetrate even the most locked-down networks is advanced evasion techniques (AETs). While AETs are not a secret among the hacking community, where they are well known and have been in widespread use for several years, there are misunderstandings, misinterpretation, and ineffective safeguards in use by the security experts charged with blocking AETs.

Advanced Attacks Demand New Defenses

Security threat and response is a vicious circle of escalating (and increasingly cagey) attacks and sophisticated (and increasingly costly) defenses. The latest generation of malware includes deviously creative evasive techniques crafted to exploit ambiguities in the Internet’s underlying technology, flaws in network software stacks, and limitations of security appliances. In this report, we discuss these techniques, how IT teams can test their level of exposure, and how to detect and block attacks using advanced packet normalization.

Advanced Evasion Techniques for Dummies

Welcome to Advanced Evasion Techniques For Dummies, your guide to the security evasion techniques that have become a serious preoccupation of the IT industry.

Solution Briefs

McAfee Next Generation Firewall: Services solutions for Managed Service Providers (MSP)

With threats from cyberattacks on the rise and access to advanced skill sets in short supply, organizations are looking to Managed Service Providers to outsource and fill the gap. McAfee Next Generation Firewall offers the advanced security, flexibility, and multitenant control needed to protect businesses while growing yours.

White Papers

Network Management and Operational Efficiency

In this white paper, we look at how McAfee Security Management Center, which is included in McAfee Next Generation Firewall, enables IT administrators to be more efficient, especially as their networks increase in complexity. Simple, scalable, and cost effective, McAfee Security Management Center has received consistently high customer satisfaction ratings over the past 10 years.

Next-Generation Availability and Scalability

In today’s dynamic economic climate, network availability and performance is more important than ever before. An enterprise’s success is dependent on a well-functioning, secure network. Instead of a bolt-on approach to network security, built-in network availability and performance solutions such as McAfee Next Generation Firewall can simplify network security while boosting performance and keeping costs down.

Protect Against Advanced Evasion Techniques — Essential Design Principles

Cybercriminals are increasingly exploiting vulnerabilities in network security systems at a greater rate than ever before. Learn how to protect against advanced evasion techniques (AETs) and avoid becoming a victim.

Demand More

Get the most from the move to a next-generation firewall.

Augmented VPN

McAfee Augmented VPN provides a simple and cost-effective way to create fast, secure, high-capacity connections between sites and ensure uninterrupted Internet connectivity. This white paper examines challenges faced by companies using traditional VPN solutions, and outlines how the McAfee Augmented VPN solution addresses those issues.

McAfee Multi-Link

McAfee Multi-Link technology, built in to McAfee Next Generation Firewall, provides highly available Internet connectivity in a simple, straightforward, and cost-effective manner.