Sprawling enterprise applications and the broad, fast-changing attack surface of Web 2.0 necessitate a new approach to firewall security. First generation firewalls were limited to port, protocol, and IP addresses. Today, enhanced next generation McAfee® firewalls let you confidently discover, control, visualize, and protect new and existing applications, using visual analytics and user identity for efficient, effective rules. And to detect complex threats within these applications, we interlock proactive threat intelligence with multiple inspection technologies in one cost-effective, easy-to-manage appliance.

McAfee Firewall Enterprise Appliance Security Features
AppPrism—Application Discovery and Control including:
• Packet, stateful, and full application filtering
• Full application discovery and control
(SecurID)
High availability (HA)
• Active/active
• Active/passive
• Stateful session failover
• Remote IP monitoring
Global Threat Intelligence
• McAfee TrustedSource™ global reputation service
• Geo-location filtering
• McAfee Labs
Encrypted application filtering
• SSH
• SFTP
• SCP
• Bi-directional HTTPS decryption and re-encryption
Intrusion prevention system (IPS)
• More than 10,000 signatures
• Automatic signature updates
• Custom signatures
• Preconfigured signature groups
Anti-virus and anti-spyware
• Protects against spyware, Trojans, and worms
• Heuristics
• Automatic signature updates
Web filtering
• Integrated McAfee SmartFilter® filtering and management
• Block Java, ActiveX, JavaScript, SOAP
Anti-spam
• McAfee TrustedSource global reputation service
VPN
• IKEv1 and IKEv2
• DES, 3DES, AES-128, and AES-256 encryption
• SHA-1 and MD5 authentication
• Diffie-Hellman groups 1, 2, and 5
• Policy-restricted tunnels
• NAT-T
• Xauth

When a user connects, the system validates entitlements in real time from your existing user directory. The firewall quickly applies policies mapped to user identity that grant explicit use of an application.

By tracking to the user, rules are granular enough for modern business operation. And identity-based rules make good operational sense. More and more enterprises rely heavily on unified use of user directories and identity management to support access controls. User changes happen once and propagate out. Security policies stay up to date as the user community changes.

Embedded Application Control

Embedded application control gives you the power to tailor rights within an application. For instance, you might allow Yahoo, but block Yahoo IM, or allow IM only for specific user groups, perhaps customer support or sales, or locations, such as the head office.

You can also support corporate appropriate use and blackout policies by specifying when an application can or cannot be used. Rules could allow MySpace use during lunch time, for example, for customer service teams, while financial applications are not available to anyone via VPN on weekends.

Many exploits try to benefit from the lax security in social networking sites by concealing their payloads within trendy applets. With McAfee, you can allow access to the beneficial elements of sites like Facebook, but still minimize the risk of compromised applications within each site.

certain locations. Geo-location lets you cut off this contact to keep your data from exfiltrating and prevent your systems being used for mischief.

We give you this fine-grained control while making rules development less complex. In fact, there’s just one policy in one view. One straightforward console presents the options required to efficiently manage all rules and add defenses. This unified model is especially beneficial over time and across teams, as we also highlight rule interactions and overlaps. With colored fields highlighting potential conflicts, you avoid errors and enhance performance.

Visualize

It’s time to move from managing rules to managing risk. McAfee Firewall Enterprise Profiler simplifies assessment of network traffic so you can add new applications quickly. Our intuitive visual analytics give you a way to measure the effectiveness of each rule change instantly, so you can tune policies for the maximum benefit.

Rich graphical tools correlate application activities in real time, based on user identity, geo-location, and usage levels. You can easily see who is using what applications. This integrated view lets you exchange hours of due diligence, experimentation, and troubleshooting for just a few clicks. For some users, the biggest advantage is seeing immediately whether or not a problem was really due to the firewall and being able to navigate to its root cause.
Data Sheet McAfee Firewall Enterprise Appliance
security policy
• OS compartmentalization
• Network stack separation
and exporting
• Firewall Enterprise log softwareExtract format (SEF)
• Export formats (XML, SEF, W3C, WebTrends)
• Syslog
• SNMP v1, v2c, and v3
• McAfee Firewall Reporter SEM included
Networking and routing
• Dynamic routing (RIP v1 and v2, OSPF, BGP, and PIM-SM)
• Static routes
• 802.1Q VLAN tagging
• DHCP client
• Default route failover
• QoS
Secure servers
• Secure DNS (single or split)
• Secure sendmail (single or split)
Appliances and hardware
• Upgrade warranty to four-hour response for most models
• Virtualization solutions and rugged appliance options available
• Single-, dual-, and quad-core processors
• ASIC-based acceleration
• RAID HDD configurations
• Redundant power supplies
Technical support
• 24/7 telephone-based technical support
• 24/7 technical support with web-based ticketing and knowledgebase

McAfee AppPrism helps you reduce risks from application-level threats while you optimize use of corporate bandwidth. Behind AppPrism stands the power of McAfee Labs™. Threat researchers use McAfee TrustedSource™ technology to continually recognize and assess risk for 31 categories of applications, ranging from anonymizers to video and photo sharing.

By assigning dynamic reputations for sites, senders, and locations, we can block an average 70 percent of undesirable traffic before you ever see it. Because of this capability, it can even spot the subtle command and control (C and C) channel of botnets.

The only firewall with reputation analysis and global threat intelligence

Only McAfee includes reputation technology in a firewall, and it is just one element of McAfee Global Threat Intelligence. At McAfee, over four hundred security researchers—more than the entire staff at some vendors—collaborate across web, spam, vulnerability, host and network intrusion, malware, and regulatory compliance research. This breadth allows them to characterize every new threat and vulnerability.

Their efforts, informed by more than one hundred million sensors around the world, deliver real-time predictive risk analysis to guard you against evolving multi-faceted threats.

Unlike old-fashioned firewalls that rely on signatures, automated threat feeds from McAfee Labs keep you up to date without taking your

persistent threats like Operation Aurora, McAfee Global Threat Intelligence is the most sophisticated protection you can own, helping you mitigate vulnerabilities, avoid regulatory violations, and lower the cost of remediation.

Multi-vector security in one integrated appliance

One reason customers choose McAfee is our extensive security and compliance portfolio. Now, we place this might right at your door. Facing off against the complex threats in Web 2.0 applications, exploit cocktails, phishing, and targeted attacks, McAfee Firewall Enterprise now combines multiple crucial threat protections in every firewall appliance.

Before, firewalls were limited to access control and segmentation. Adequate protection required the expense of implementing and maintaining several separate products. Now, one box combines:
• McAfee AppPrism—Full application discovery and control
• Intrusion prevention
• TrustedSource global reputation analysis
• URL filtering with McAfee SmartFilter® technology
• Encrypted application filtering
• Anti-Virus, anti-spyware, and anti-spam

Our experience building multi-vector solutions has helped us deliver all these protections without compromising performance or productivity. And without charging extra.
| Hardware Specs¹ | S1004 | 410 | 510 | 1100 | 2100 | 2150 | 2150 VX-XX | 4150 |
| Form factor | Mini 1U | Small 1U | Small 1U | Enterprise 1U | Enterprise 2U | Enterprise 2U | Enterprise 2U | Enterprise 5U |
| Unlimited user licenses | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Recommended users | 100 | 300 | 600 | Med-Large | Med-Large | Large | Large | Enterprise |
1. All specification and performance results are based on the S- and F-series of appliances.
2. Performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.
McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
888 847 8766
www.mcafee.com

McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright © 2010 McAfee, Inc.
8815ds_nts_nextgen-firewall_0410_WH