McAfee Next Generation Firewall

Unified, modular security built for manageability, anti-evasion, and high availability

Overview

Unified and flexible network security for every enterprise environment. McAfee Next Generation Firewall integrates visionary security features with high availability and manageability, delivering advanced network protection across your entire enterprise — from corporate headquarters and branch sites to data centers and the network edge.

McAfee Next Generation Firewall integrates application control, intrusion prevention system (IPS), and evasion prevention into a single, affordable solution. It is the only next-generation firewall solution to unite anti-evasion security with enterprise-scale availability and manageability. In addition, our unique solution can change its capabilities from a next-generation firewall to an L2 firewall, IPS, and firewall/VPN, allowing you to deploy security where, when, and how you need it to maximize your return on investment.

Unified software core — Add security features and capacity, without disrupting your network. With McAfee Next Generation Firewall, a single system design serves multiple roles — next-generation firewall, Layer 2 firewall, firewall/VPN, IPS, remote access gateway, and application control — so you can quickly adapt to changing business requirements and new threats. Integrate multiple security capabilities in a single device, with a single management environment, yet pay only for what you use. Get started with a low initial purchase price, and expand capabilities as needed while maintaining a low overall TCO.

Protection against advanced evasion techniques — Get a built-in defense against a new class of sophisticated attacks. McAfee Next Generation Firewall analyzes the actual content in the data stream to protect against known and unknown evasion techniques, even when they are applied on multiple protocol levels, increasing your protection against advanced persistent threats and other undesirable traffic.

Centralized management — A single, powerful management platform optimizes and centrally controls all of the firewalls throughout your corporate infrastructure and remote sites, making security management more efficient and lowering TCO. Administrators can build and apply rules for complex environments — including software, physical, or virtual devices — without the burden of a complex UI. You gain real-time visibility into your security posture with actionable reports and visualizations from a single management system.

High availability and scalability — Support the security demands of data centers that need to deliver uninterrupted uptime with no gap in protection. Built-in traffic load balancing and clustering capabilities provide native active-active clustering and load balancing for up to 16 nodes, which can be different models running different OS versions, at operating speeds up to 120 Gbps, without requiring a third-party clustering or load balancing product. This flexible design delivers high availability and high throughput to allow demanding deployments to get the most out of next-generation firewall technology.

Features & Benefits

Deploy security as you need it

Choose from software, physical, and virtual appliances to match every budget and network architecture. IPv6 support is also available. McAfee Next Generation Firewall allows you to pick and choose these roles on the same platform: Next Generation Firewall, Evasion Prevention System (EPS), IPS, Layer 2 firewall, and firewall/VPN, with just a change in license keys.

Maintain high availability

High availability is at the core of the McAfee Next Generation Firewall. Native active-active clustering and load balancing of up to 16 appliances, running different models and software versions within the same cluster, provides scalability and high availability in demanding data center environments and situations where processing-intensive security applications, such as deep inspection or VPNs, require more performance.

User application controls to manage network usage

Define fine-grained application usage policies based on user or user group, traffic type, target or source IP address, interface or domain name, time, and day of the week to better manage your network bandwidth and enforce appropriate usage policies.

Block advanced evasion techniques (AETs)

Defend against sophisticated advanced evasion techniques, typically used by well-resourced, motivated attackers to gain access to protected networks and launch advanced persistent threats. Always up to date, this layer of protection is critical to stop emerging network-based attacks that can bypass most security solutions by distributing payloads across multiple protocols.

Manage more with less

Use a single, powerful, and highly scalable management console for expanded visibility into your entire network. Centralized management helps reduce operational costs and eliminate chaos by unifying control of network security devices in the data center, at remote sites, and throughout the corporate infrastructure.

Management System

McAfee Security Management Center

With the McAfee Security Management Center, you see the big picture across your distributed network, while lowering operational costs. Our easy-to-deploy, intuitive, and scalable centralized management platform provides unparalleled situational awareness of critical network security events. Easy-to-use advanced visualizations inform you of what is happening in your network, including where attacks are coming from, active sessions, anomalous traffic, and more. McAfee Security Management Center provides control across a variety of McAfee Next Generation Firewall hardware, software, and virtual devices throughout your enterprise — enabling consistent protection and efficient maintenance for branch sites, internal network segments, and data centers.

Lower total cost of ownership
Manage more with fewer resources. With McAfee Security Management Center, you can automate routine tasks, reuse policies, and utilize numerous shortcuts, saving time and money. All tasks, including initial deployments, can be performed through the centralized management console — streamlining configuration, maintenance, and support.

Efficiency gains
Seamless workflows speed administrators through daily security management with our intuitive interface. Quickly and easily drill down into policies, logs, and reports. And, the more distributed the environment, with multiple firewalls, the more efficiency gained from reusable policies and tasks, unified monitoring, and centralized reporting.

Situational awareness
A picture can tell more than a thousand words. With easily accessible and recallable statistical reports and visualizations, McAfee Security Management Center will help you understand your entire environment, highlighting any anomalies found.

System Requirements

For a complete list of system requirements, download the data sheet.

McAfee Next Generation Firewall Specifications

  • IP address assignment
    • FW clusters: Static, IPv4, IPv6
    • FW single nodes: static, DHCP, PPPoA, PPPoE, IPv4, static IPv6
    • Services: DHCP Server and DHCP relay for IPv4
  • Address translation
    • IPv4, IPv6
    • Static NAT, source NAT with Port Address Translation (PAT), Destination NAT with PAT
  • Routing
    • Static IPv4 and IPv6 routes, policy-based routing, static multicast routing
  • Dynamic routing
    • IGMP proxy, RIPv2, OSPFv2, BGP, PIM-SM
  • IPv6
    • Dual stack IPv4/IPv6, ICMPv6, DNSv6
  • SIP
    • Allows RTP media streams dynamically, NAT traversal, deep inspection, interoperability with RFC3261 compliant SIP devices
  • CIS redirection
    • HTTP, FTP, SMTP protocols redirection to Content Inspection Server (CIS)
  • Antivirus (subscription required)
    • Scanned protocols: HTTP, HTTPS, POP3, IMAP, SMTP
    • Engine: File-based, local signature database, automatic real-time updates
  • Antispam (subscription required)
    • Scanned protocols: SMTP
    • Engine and filtering methods
      • Scoring-based spam detection
      • Customizable email envelope/header/content matching
      • Local antispoofing and relay
      • Honeypot filtering
      • SPF/MX record matching
      • DNS-based blacklists

General System Specifications

  • Supported Platforms
    • McAfee Appliances: 1035, 1065, 1302, 3202, 3206, 5206 appliances
    • Software Appliance: X86-based systems
    • Virtual Appliance: VMware ESX virtualization platforms
  • Supported Roles
    • Firewall/VPN (layer 3), IPS/IDS (layer 2), Layer 2 Firewall

Firewall/VPN-Specific Functionality

  • General
    • Stateful and stateless packet filtering, circuit-level firewall with TCP proxy protocol agent
  • Platform Certifications
    • VPN Consortium (VPNC) interoperability certified: Basic, AES, certification, IKEv2, and IPv6
    • ICSA Labs: Network IPS, Network Firewall, IPv6, High Availability, USGv6
    • VMware: Virtual appliance VMware ready certified
    • Q1Labs Log Event Enhanced Format (LEEF) certified
    • Microsoft IPSec VPN client certified for Windows Vista, compatible with Windows 7

Awards & Reviews

NSS Labs
NSS Labs 2013 Next Generation Firewall Group Test “Recommended”

McAfee Next Generation Firewall (formerly Stonesoft FW-3202) received a "Recommended" rating in NSS Labs’ Next Generation Firewall (NGFW) Group Test. This is the second consecutive "Recommended" rating for NGFW.

NSS Labs
NSS Labs 2013 Network Firewall Group Test “Recommended”

McAfee Next Generation Firewall (formerly Stonesoft FW-1301) earned a "Recommended" rating in NSS Labs’ Network Firewall Group Test. In the thorough testing process, the product scored 100% for stability and reliability, firewall enforcement, and security effectiveness.

Gartner
McAfee (Formerly Stonesoft) Positioned in the Visionaries Quadrant of the Gartner Magic Quadrant for Enterprise Network Firewalls

Gartner placed Stonesoft, now a part of McAfee, in the Visionaries Quadrant of its report, “Magic Quadrant for Enterprise Network Firewalls” published February 7, 2013. The evaluation in Gartner’s Magic Quadrant is based on completeness of vision and ability to execute. The report analyzes various vendors' strengths and weaknesses, and is essential reading for network security professionals.

Customer Stories

Fusion Media Networks

McAfee Next Generation Firewall solution provides Fusion with a clear view of its clients’ data, enabling the company to offer full protection against threats, regardless of location.

Highlights
  • McAfee Security Management Center reduced administrative costs by 30%
  • Built-in defense against AETs
  • Protection against threats allows customers to concentrate on core business activities

RWTH Aachen

McAfee Next Generation Firewall secures incoming and outgoing network traffic at RWTH Aachen, while maintaining high performance and availability.

Highlights
  • Robust multitenancy for rapid troubleshooting and support.
  • Ability to perform maintenance and operation while system is running.
  • Efficient and user-friendly administration.

Product Modules

McAfee Firewall/VPN

McAfee Firewall/VPN delivers optimum high availability, network security, and business continuity, all centrally managed by McAfee Security Management Center, to meet the needs of your distributed enterprise. McAfee Firewall/VPN creates a protective perimeter around your company, preventing attacks and securing your data communications, in an easy-to-deploy and manage solution.

McAfee Firewall/VPN is built with the unified software core of McAfee Next Generation Firewall. So, as your business grows, your firewall can be easily upgraded and augmented with additional features, functions, and capabilities with a simple change of your license key.

High availability
Unique technologies provide your enterprise with always-on connectivity, resulting in uninterrupted protection with zero downtime. Update and upgrade at any time without service connection breaks.

Advanced security
McAfee Firewall/VPN utilizes multilayer inspection technology for detecting and blocking the advanced stealth cyberattack methods that easily bypass many network security devices. McAfee Firewall/VPN is hardened with strong encryption to meet the most demanding security requirements.

Easy to manage
McAfee appliances are administered via the Security Management Center, saving you time and money. Plug-and-play deployments, task automation, policy replication, and advanced visualizations help streamline administration and simplify tasks.

Technologies

McAfee Next Generation Firewall integrates industry-leading technologies to provide top performance, advanced threat protection, and seamless deployment.

Certifications

Common Criteria Certification

McAfee Next Generation Firewall has completed Common Criteria level EAL 4+ certification. Common Criteria is an international certification scheme setting standards for IT product security.

CEF Certified

McAfee Next Generation Firewall has obtained Common Event Format (CEF) certification from ArcSight, Inc. An open log management standard, CEF streamlines and simplifies integration of McAfee Next Generation Firewall event logs with ArcSight Security Information and Event Management (SIEM) solution. For more information about the CEF certification and HP Enterprise Security Technology Ecosystem Alliances Program, please refer to the HP technology partner website.

CSPN
CSPN (First Level Standard Certification)

McAfee Next Generation Firewall has obtained elementary qualification in the French CSPN (First Level Standard Certification), delivered by the FNISA (French Network and Information Security Agency). Certificates issued by the FNISA (known as ANSSI in France) by delegation from the Prime Minister certify that the qualified products comply with a technical specification referred to as the security target. The RGS (General Security Guidelines), first implemented by decree on May 6, 2010, forms the framework for CSPN certification. The ANSSI delivers proof of certification in accordance with the processes listed in the 2002-535 decree published April 18, 2002. For more information on the CSPN certification, please refer to the FNISA website.

FIPS Certification

McAfee has received FIPS (Federal Information Processing Standard) 140-2 certification for its IPsec cryptographic modules being used in the McAfee Next Generation Firewall and Firewall/VPN products from version 5.4.7 onwards. FIPS 140-2 certification ensures cryptographic security of connections. For more information on FIPS 140-2, please refer to the FIPS 140-1/140-2 vendor list.

ICSA Labs
ICSA Labs Enterprise Certified Network Firewall

McAfee Next Generation Firewall has received Enterprise-level Certification for Network Firewall from ICSA Labs, a worldwide leader in setting security standards for information security products. ICSA Certification ensures enterprise customers that McAfee Next Generation Firewall offers the highest level of protection for the points at which corporate networks meet the Internet. The McAfee Next Generation Firewall has been tested and certified against the 4.1x criteria for network firewalls. In order to be granted Enterprise certification, a product must meet high availability (HA), voice over IP (VoIP), and IPv6 requirements.

Secured by RSA

McAfee Next Generation Firewall has achieved Secured by RSA Certified Partner status with RSA SecurID and RSA enVision products. The RSA Secured certification tells organizations that McAfee Next Generation Firewall is compatible with RSA’s market-leading security products and technologies.

Section 508 Accessibility

The purpose of the Voluntary Product Accessibility Template is to assist Federal contracting officials in making preliminary assessments regarding the availability of commercial Electronic and Information Technology products and services with features that support accessibility. Contact McAfee Federal Sales for more information.

VMware Certified Virtual Appliance Program

The McAfee Virtual Firewall/VPN is VMware Ready certified. The VMware Certified Virtual Appliance Program enables developers of virtual appliances to market their solutions to customers, and highlights the virtual appliances that are safe and ready-to-run in a production environment. By purchasing virtual appliances that have been certified by VMware, customers know they are obtaining solutions that are reliable, secure, and optimized for a virtualized environment.

VPN Consortium Certifications

The Virtual Private Network Consortium (VPNC) is the international trade association for manufacturers in the VPN market. The VPN Consortium issues logos to products of member companies that have passed the interoperability and conformance tests it conducts. The interoperability logos indicate that a product interoperates with the other products in the test, and the conformance logos indicate VPNC's belief that a product conforms to various parts of the IPsec standards. For more information about the VPN Consortium, please refer to the VPNC website.

Resources

Data Sheets

McAfee Next Generation Firewall Roles and Licensing Options

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Firewall/VPN Appliance Comparison

Download a technical comparison of all McAfee Firewall/VPN appliances.

McAfee Next Generation Firewall Appliance Comparison

Download a technical comparison of all McAfee Next Generation Firewall appliances.

McAfee Next Generation Firewall

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Security Management Center

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Firewall/VPN

For a technical summary on the McAfee product integration listed above, please view the product data sheet.

McAfee Next Generation Firewall MIL-320

For technical specifications on the McAfee product listed above, please view the product data sheet.

Additional Subscriptions for McAfee Next Generation Firewall

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Virtual Contexts

For technical specifications on the McAfee product listed above, please view the product data sheet.

McAfee Next Generation Firewall Modules

For technical specifications on the McAfee product listed above, please view the product data sheet.

Design & Implementation

McAfee Next Generation Firewall

The McAfee Next Generation Firewall Design and Implementation Guide provides best practice designs and configuration steps for some of the most common use cases that enterprises will encounter.

Legacy Products

McAfee Next Generation Firewall Specification Sheet - Legacy Products

This data sheet includes a list of the latest supported software versions, supported feature packs, supported interface modules, and end-of-support and end-of-life dates for legacy Next Generation Firewall products.

Reports

ESG Lab Validation Report: McAfee Next Generation Firewall

This report presents the results of ESG Lab’s hands-on testing of McAfee Next Generation Firewall. The evaluation validates the solution’s capability to deliver scalable, highly available network security that goes beyond the basic requirements of a next-generation firewall.

Report Summary: The Security Industry’s Dirty Little Secret

This report summary explains how AETs play a critical role in an APT attack, knowledge that is vital to protecting any organization.

The Security Industry’s Dirty Little Secret

One of the dirty little secret weapons hackers use to bypass security systems and penetrate even the most locked-down networks is the advanced evasion technique (AET). While AETs are not a secret among the hacking community, where they are well known and have been in widespread use for several years, there are misunderstandings, misinterpretation, and ineffective safeguards in use by the security experts charged with blocking AETs.

Advanced Attacks Demand New Defenses

Security threat and response is a vicious circle of escalating (and increasingly cagey) attacks and sophisticated (and increasingly costly) defenses. The latest generation of malware includes deviously creative evasive techniques crafted to exploit ambiguities in the Internet’s underlying technology, flaws in network software stacks, and limitations of security appliances. In this report, we discuss these techniques, how IT teams can test their level of exposure, and how to detect and block attacks using advanced packet normalization.

Advanced Evasion Techniques for Dummies

Welcome to Advanced Evasion Techniques For Dummies, your guide to the security evasion techniques that have become a serious preoccupation of the IT industry.

Solution Briefs

McAfee Next Generation Firewall: Services solutions for Managed Service Providers (MSP)

With threats from cyberattacks on the rise and access to advanced skill sets in short supply, organizations are looking to Managed Service Providers to outsource and fill the gap. McAfee Next Generation Firewall offers the advanced security, flexibility, and multitenant control needed to protect businesses while growing yours.

White Papers

Network Management and Operational Efficiency

In this white paper, we look at how McAfee Security Management Center, which is included in McAfee Next Generation Firewall, enables IT administrators to be more efficient, especially as their networks increase in complexity. Simple, scalable, and cost effective, McAfee Security Management Center has received consistently high customer satisfaction ratings over the past 10 years.

Next-Generation Availability and Scalability

In today’s dynamic economic climate, network availability and performance are more important than ever before. An enterprise’s success is dependent on a well-functioning, secure network. Instead of a bolt-on approach to network security, built-in network availability and performance solutions such as McAfee Next Generation Firewall can simplify network security while boosting performance and keeping costs down.

Protect Against Advanced Evasion Techniques — Essential Design Principles

Cybercriminals are exploiting vulnerabilities in network security systems at a greater rate than ever before. Learn how to protect against advanced evasion techniques (AETs) and avoid becoming a victim.

Demand More

Get the most from the move to a next-generation firewall.

Augmented VPN

McAfee Augmented VPN provides a simple and cost-effective way to create fast, secure, high-capacity connections between sites and ensure uninterrupted Internet connectivity. This white paper examines challenges faced by companies using traditional VPN solutions, and outlines how the McAfee Augmented VPN solution addresses those issues.

McAfee Multi-Link

McAfee Multi-Link technology, built in to McAfee Next Generation Firewall, provides highly available Internet connectivity in a simple, straightforward, and cost-effective manner.

Community

Blogs

  • Embrace and Secure Shadow IT
    David Bull - July 22, 2014

    “Shadow IT” is stepping out into the light of day. Business users are eagerly embracing the cloud and especially Software-as-a-Service (SaaS) in search of cost-effective productivity tools for file sharing and storage, collaboration, social media, and anything else that makes them more effective on the job. But the problem is these well-intentioned, hardworking employees are […]

  • 10 Experts, One Topic, 800 Million AETs
    Pat Calhoun - July 21, 2014

    To say cyber threats are getting more advanced may be the understatement of the year. Every minute, our 500-plus team at McAfee Labs learns something new about the behavior of malware and other types of network attacks. The most commonly undetected threat these days is the advanced evasion technique (AET). In the most basic terms, […]

  • July #SecChat – Targeted Attacks Set Sights on Vital Systems
    Rees Johnson - July 18, 2014

    Targeted attacks can take on many different forms and are flexible enough to adopt a variety of tactics. Think of them as a specialized unit for cyber criminals. They are utilized for very specific missions and operate with the precision of a surgical strike, rather than the carpet-bombing techniques used by other malware variants. Whether […]

  • Texas Tech University HSC Unifies Security and Compliance with McAfee SIEM Solutions
    Karl Klaessig - July 16, 2014

    Texas Tech University Health Sciences Center (TTUHSC) is a leader in education and research. With seven schools across six campuses, research facilities, and health care clinics, the university’s IT security team has the lofty task of protecting electronic medical records and health information in compliance with HIPAA regulations. Previously, TTUHSC lacked a centralized security management […]

  • Continuous Incident Response
    Barbara Kay - July 15, 2014

    At last week’s Gartner Risk and Security Management Summit, Anton Chuvakin mentioned that 1-3% of systems are compromised today. He called it “a low intensity fire, not a conflagration.” This seemed like a great analogy for our challenge with incident response. As a security industry—indeed, as a society—it’s much more straightforward to detect, contain, and […]
