Ds Firewall Enterprise
-
Upload
mohammad-khaled -
Category
Documents
-
view
223 -
download
0
Transcript of Ds Firewall Enterprise
-
8/3/2019 Ds Firewall Enterprise
1/5
Data Sheet
McAee Firewall Enterprise Features
McAee AppPrismapplication,
discovery, and control including:
Packet, stateul, and ull
application fltering
Full application discovery and control
Multiple delivery options, including
multi-frewall appliances (one
appliance managing up to 32 virtual
frewalls), McAee Firewall Enterprise
or Riverbed, McAee Firewall
Enterprise or Crossbeam, and a
virtual frewall applianceNetwork address translation (NAT)
McAee AppPrism categories
Anonymizers/proxies
Authentication services
Business web applicationsContent management
Commercial monitoring
Database
Directory services
Email
Encrypted tunnels
Enterprise resource planning (ERP)/
customer relationship management
(CRM)
Filesharing
Gaming
Instant messaging
Inrastructure services
IT utilities
Mobile sotware
Peer-to-peer (P2P)Photo/video sharing
Remote administration
Remote desktop/terminal services
Social networking
Sotware/system updates
Storage
Streaming media
Toolbars and PC utilities
Voice over IP (VoIP)
VPN
Webmail
Web browsing
Web conerencing
Firewallsaretraditionallyonlyasstrongorasweak
asthepoliciesyoudene.Buteffectivesecurity
policiesfortodayscomplexWeb2.0trafc
dependonne-grainedunderstandingthatcan
behardtocomeby.Youneedrapidinsightthat
goesfarbeyondportandprotocoltoencompass
differentwebapplicationsandusersandthe
sophisticatedthreatsthattargetthem.
Whereinthepastyoucouldawaitsignatures,thebreakneckpaceofthreatevolutiontoday
demandsproactive,predictivediagnosisofrisk.
Multipleattributes,suchassourcereputation,
content,andbehavior,shouldbeassessedto
revealmaliciousintentbeforeanewthreat
is conrmed.
Itsnotenoughtopredictthethreat.Accurate,
timelyblockingdemandsconcertedactionthat
crossesconventionalproductsilos.
Thesedemandsplusthecalltoprove
complianceincreasetheoperationalburden
onthenetworkteam.Yetbudgetsremainunder
pressure.Somethinghastochange.
The Biggest Firewall Innovation in 15 Years
Withversion8oftheMcAfeeFirewallEnterprise,
McAfeereinventstherewall.Threeinnovations
deliverunprecedentedprotectionatanunheard-of
affordability.Wecombinefullapplicationvisibility
andcontrol,reputation-awarethreatintelligence,
andmultivectorattackprotectiontoimprove
networksecuritywhileshavingeffortandexpense.
TherewallsolutionincludestheMcAfeeFirewall
Enterpriseappliancefamily:McAfeeFirewall
EnterpriseProler,McAfeeFirewallEnterprise
ControlCenter,andMcAfeeFirewallReporter.
Today,theweakestlinkinnetworksecurityisthe
applicationlayer.Sowehavetakentherewall
trustedbymoreultra-secureenvironments
andaddedbroadapplicationdiscoveryand
control.YoucannowprotectnewandexistingWeb2.0applicationsfromtherisksofdata
leakage,networkabuse,andmaliciousattacks.
WithMcAfeetechnology,youcanensure
theapplicationsusingyournetworkbenet
your business.
Discover
McAfeeAppPrismtechnologyusestheinnovative
McAfeeFirewallEnterpriseProlertoidentify
alltrafcandrevealtheapplicationsthatare
reallyinuse,withhelpfulcontextsuchassource,
bandwidth,anddestination.Byinspecting
encryptedapplication-leveltrafc,youcan
eliminateloopholesfavoredbycyberthieves
and attackers.
Control
Fine-grainedcontrolallowscomprehensive
enforcementofpolicybasedonbusinessneeds.
InsteadofpoliciesmatchedjusttoIPaddress,port
orprotocol,youcannowplaceausernamewith
aroleandasetofapplications.
McAee Firewall Enterprise ApplianceFully characterize and contain every new threat and vulnerability
Sprawlingenterpriseapplicationsandthebroad,fast-changingattacksurfaceof
Web 2.0necessitateanewapproachtorewallsecurity.Firstgenerationrewalls
werelimitedtoport,protocol,andIPaddresses.Today,enhancednextgeneration
McAfeerewallsletyoucondentlydiscover,control,visualize,andprotectnewand
existingapplications,usingvisualanalyticsanduseridentityforefcient,effective
rules.Andtodetectcomplexthreatswithintheseapplications,weintegrateproactive
threatintelligencewithmultipleinspectiontechnologiesinonecost-effective,easy-to-manageappliance.
-
8/3/2019 Ds Firewall Enterprise
2/5
Data Sheet McAee Firewall Enterprise Appliance
McAee Firewall Enterprise Features
(continued)
Authentication
Local
Microsot Active DirectoryTransparent identities or Active
Directory (McAee logon collector)
LDAP (Sun, Open LDAP,
Custom LDAP)
RADIUS
Microsot Windows
domain authentication
Microsot Windows
NTLM authentication
Passport (single sign-on)
Strong authentication
(SecurID)
Supports CAC authentication
High availability
Active/active
Active/passiveStateul session ailover
Remote IP monitoring
Global threat intelligence
McAee Global Threat Intelligence
network connection reputation
Geo-location fltering
McAee Labs
Encrypted application flteringSSHSFTPSCPBidirectional HTTPS decryption
and re-encryption
Intrusion prevention system (IPS)
More than 10,000 signatures
Automatic signature updates
Custom signatures
Preconfgured signature groups
Anti-virus and anti-spyware
Protects against spyware, Trojans,
and worms
Heuristics
Automatic signature updates
Web fltering
Integrated McAee SmartFilter
fltering and management
Block Java, Active-X, JavaScript,
SOAP
Anti-spamMcAee Global Threat Intelligence
network connection reputation
VPN
IKEv1 and IKEv2
DES, 3DES, AES-128, and
AES-256 encryptionSHA-1 and MD5 authentication
Dife-Hellmann groups 1, 2, and 5
Policy-restricted tunnels
NAT-T
Xauth
Constructapplicationusagerulesthatcombine
attributessuchas:
Businessorrecreationalpurpose
Useridentity Embeddedapplicationcontrol
Whitelisting
Geo-location
User identity
Withoutvisibilityintoandcontroloverusersand
thecontextoftheiruse,rewallscannotdefend
againstincreasinglyport-agile,evasive,targeted
applications.McAfeeFirewallEnterpriseapplies
user-awarerulesandcontroloverapplications.
Whenauserconnects,thesystemvalidates
entitlementsinrealtimefromyourexistinguserdirectory.Therewallquicklyappliespolicies
mappedtouseridentitythatgrantexplicituseof
anapplication.
Bytrackingtotheuser,rulesaregranularenough
formodernbusinessoperation.Andidentity-
basedrulesmakegoodoperationalsense.More
andmoreenterprisesrelyheavilyonunieduse
ofuserdirectoriesandidentitymanagementto
supportaccesscontrols.Userchangeshappen
onceandpropagateout.Securitypoliciesstayup
todateastheusercommunitychanges.
Embedded application control
Embeddedapplicationcontrolgivesyouthepower
totailorrightswithinanapplication.Forinstance,
youmightallowYahoo,butblockYahooIM,or
allowIMonlyforspecicusergroups,perhaps
customersupportorsales,orlocations,suchas
theheadofce.
Youcanalsosupportappropriatecorporateuse
andblackoutpoliciesbyspecifyingwhenan
applicationcanorcannotbeused.Rulescould
allowMySpaceuseduringlunchtime,forexample,
forcustomerserviceteams,whilenancial
applicationsarenotavailabletoanyoneviaVPN
onweekends.
Manyexploitstrytobenetfromthelaxsecurity
insocialnetworkingsitesbyconcealingtheir
payloadswithintrendyapplets.WithMcAfee,you
canallowaccesstothebenecialelementsof
siteslikeFacebook,butstillminimizetheriskof
compromisedapplicationswithineachsite.
Whitelisting
Foradvancedcontrol,applicationwhitelistinglets
youexplicitlyallowonlytrafcfromapplications
thathavebeenapprovedasnecessaryor
appropriate.Comparedtolengthyblacklists,
whitelistingwhittlesdownthenumberofrules
youneedtowriteandmaintain.
Geo-location
Asbotnetsproliferatethroughpopularsocial
networkingapplications,ithasbecomemore
importanttobeabletolockdownrogue
applicationsthatattempttocommunicateto
certainlocations.Geo-locationletsyoucutoffthis
contacttokeepyourdatafromexltratingand
preventyoursystemsfrombeingusedformischief
Wegiveyouthisne-grainedcontrolwhilemakingrulesdevelopmentlesscomplex.In
fact,theresjustonepolicyinoneview.One
straightforwardconsolepresentstheoptions
requiredtoefcientlymanageallrulesandadd
defenses.Thisuniedmodelisespeciallybenecia
overtimeandacrossteams,aswealsohighlight
ruleinteractionsandoverlaps.Withcoloredelds
highlightingpotentialconicts,youavoiderrors
andenhanceperformance.
Visualize
Itstimetomovefrommanagingrulesto
managingrisk.McAfeeFirewallEnterpriseProler
simpliesassessmentofnetworktrafcsoyou
canaddnewapplicationsquickly.Ourintuitive
visualanalyticsgiveyouawaytomeasurethe
effectivenessofeachrulechangeinstantly,soyou
cantunepoliciesforthemaximumbenet.
Richgraphicaltoolscorrelateapplicationactivities
inrealtime,basedonuseridentity,geo-location,
andusagelevels.Youcaneasilyseewhoisusing
whatapplications.Thisintegratedviewletsyou
exchangehoursofduediligence,experimentation
andtroubleshootingforjustafewclicks.For
someusers,thebiggestadvantageisseeingimmediatelywhetherornotaproblemwasreally
duetotherewallandbeingabletonavigateto
itsroot cause.
-
8/3/2019 Ds Firewall Enterprise
3/5
Data Sheet McAee Firewall Enterprise Appliance
McAee SecureOS Operating System
Features
McAee Type Enorcement
technologyPreconfgured operating system (OS)
security policy
OS compartmentalization
Network stack separation
McAee Firewall Enterprise
Control Center
Windows graphical user interace
Local console
Full command line
USB disaster recovery confguration
backup and restore
Rapid troubleshooting and frewall
rule impact analysis with McAee
Firewall Enterprise Profler
Logging, monitoring, and reportingOn-box logging
Scheduled log archiving
and exporting
McAee Firewall Enterprise log
sotware extract ormat (SEF)
Export ormats (XML, SEF,
W3C, WebTrends)
Syslog
SNMP v1, v2c, and v3
McAee Firewall Reporter
SEM included
Networking and routing
IPv6 compliant
Dynamic routing (RIP v1 and v2, OSPF,
BGP, and PIM-SM)
Static routes802.1Q VLAN taggingDHCP clientDeault route ailoverQoS
Secure servers
Secure DNS (single or split)
Secure sendmail (single or split)
Appliances and hardwareUpgrade warranty to our-hour
response or most models
Virtualization solutions and rugged
appliance options available
Single-, dual-, and quad-core
processorsASIC-based accelerationRAID HDD confgurationsRedundant power supplies
Technical support
24/7 telephone-based
technical support
24/7 technical support with web-
based ticketing and knowledgebase
Protect
McAfeeAppPrismhelpsyoureducerisksfrom
application-levelthreatswhileyouoptimizeuseof
corporatebandwidth.BehindMcAfeeAppPrism
standsthepowerofMcAfeeLabs.Ourthreat
researchersutilizethreatresearchandintelligence
datatocontinuallyrecognizeandassessrisk
for31categoriesofapplications,rangingfrom
anonymizerstovideoandphotosharing.
Byassigningdynamicreputationsforsites,
senders, andlocations,wecanblockanaverage
70percentofundesirabletrafcbeforeyouever
seeit.Becauseofthiscapability,itcaneven
spotthesubtlecommandandcontrol(CandC)
channelof botnets.
The Only Firewall with Reputation Analysis
and Global Threat Intelligence
OnlyMcAfeeincludesreputationtechnologyin
arewall,anditisjustoneelementofMcAfee
GlobalThreatIntelligence.AtMcAfee,morethan
400researcherscollaborateacrossweb,spam,
vulnerability,hostandnetworkintrusion,malware,
andregulatorycomplianceresearch.Thisbreadthallowsthemtocharacterizeeverynewthreat
and vulnerability.
Theirefforts,informedbymorethan100million
sensorsaroundtheworld,deliverreal-time
predictiveriskanalysistoguardyouagainst
evolvingmultifacetedthreats.
Unlikeold-fashionedrewallsthatrelyon
signatures,automatedthreatfeedsfromMcAfee
Labskeepyouuptodatewithouttakingyour
rewalloff-line.Withtheincreaseinadvanced
persistentthreatslikeOperationAurora,McAfee
GlobalThreatIntelligenceisthemostsophisticated
protectionyoucanown,helpingyoumitigate
vulnerabilities,avoidregulatoryviolations,and
lowerthecostofremediation.
Multivector Security in One Integrated
Appliance
OnereasoncustomerschooseMcAfeeisour
extensivesecurityandcomplianceportfolio.
Now,weplacethismightrightatyourdoor.
FacingoffagainstthecomplexthreatsinWeb2.0applications,exploitcocktails,phishing,and
targetedattacks,McAfeeFirewallEnterprisenow
combinesmultiplecrucialthreatprotectionsin
everyrewallappliance.
Before,rewallswerelimitedtoaccesscontroland
segmentation.Adequateprotectionrequiredthe
expenseofimplementingandmaintainingseveral
separateproducts.Now,oneboxcombines:
McAfeeAppPrismdeliversfullapplication
discoveryandcontrol
Intrusionprevention
Globalreputationanalysis
URLlteringwithMcAfeeSmartFiltertechnology
Encryptedapplicationltering
Anti-virus,anti-spyware,andanti-spam
Ourexperiencebuildingmultivectorsolutionshas
helpedusdeliveralltheseprotectionswithout
compromisingperformanceorproductivityand
withoutchargingextra.
Figure 1. McAee Global Threat Intelligence eaturing McAee TrustedSource allows or blocks trafc based upon reputation
-
8/3/2019 Ds Firewall Enterprise
4/5
Data Sheet McAee Firewall Enterprise Appliance
McAee Firewall EnterpriseProduct Line
The Firewall Enterprise product line
includes appliances appropriate
or businesses o all sizes, as well as
companion products such as McAee
Firewall Enterprise Profler, McAee
Firewall Enterprise Control Center,
and McAee Firewall Reporter. These
products work together to streamline
management activities and reduce
operational costs. Flexible, hybrid
delivery options include physical
appliances, multifrewall appliances,
virtual appliances, and solutions
or Riverbed Steelhead appliances.
Carrier-class security perormance
with speeds up to 40 Gbps is deliveredby our McAee Firewall Enterprise
or Crossbeam solution running on
Crossbeams X-Series hardware. Ask
your sales representative or more
inormation.
Fine-Grained Control Made Manageable
Reliablesecuritymustalsobeeasytocongure.
TheintuitiveMcAfeeFirewallEnterprise
administrativeconsoleletsyouradministrators
createrulesandselectivelyapplydefensessuch
asapplicationlters,IPSsignatures,andURL
lteringfromasinglescreen.Newsoftware
featureupdatesaredeliveredautomaticallyvia
theInternet,reducingmaintenanceeffort.Simply
determinetheschedulewithasingleclick.
TheMcAfeeFirewallEnterpriseproductline
includesadditionaltoolsforsimplifying
management:McAfeeFirewallReporterand
McAfeeFirewallEnterpriseControlCenter.
Includedatnoadditionalcost,McAfeeFirewall
Reportersoftwareturnsauditstreamsintoactionableinformation.Thisaward-winning
securityeventmanagement(SEM)tooldelivers
centralmonitoring,andcorrelatedalertingand
reporting.Choosefrommorethan500graphical
reportstodepictnetworktrafcandhelpmeetall
majorregulatoryrequirements.
Soldseparately,McAfeeFirewallEnterprise
ControlCenterofferscentralizedrewallpolicy
managementformultipleMcAfeeFirewall
Enterpriseappliances.Itletsyoumaximize
operationalefciency,simplifypolicycontrol,
optimizerules,streamlinesoftwareupdates,anddemonstrateregulatorycompliance.Youcan
evencomparepolicycongurationsonallof
yourMcAfeeFirewallEnterpriseControlCenter-
manageddevicestoensureconsistencyacross
yournetwork.Robustcongurationmanagement
letsyoucentrallytrack,trace,andvalidateall
policychanges.
Furthermore,McAfeeFirewallEnterpriseControlCenterintegrateswithMcAfeeePolicy
Orchestrator(McAfeeePO)software,providing
itwithvisibilityintorewallhealthdata
and reports.
The Most Secure Firewall Hardware Platorm
Atitscore,McAfeeFirewallEnterpriserunson
thehigh-speed,highassuranceMcAfeeSecureOS
operatingsystem.PatentedMcAfeeType
EnforcementtechnologysecurestheOSitselffor
anunparalleledlevelofplatformsecurity.Perhaps
itiswhyMcAfeeSecureOShasanunparalleled
CERTadvisoryrecord:noemergencysecurity
patcheshaveeverbeenrequired.
Thepreconguredoperatingsystemsecuritypolicy
preventscompromises,andtheentireoperating
systemiscompartmentalizedsoattackerscannot
disruptitswork.
Theseextrastepsallowedustobetherstrewall
toachieveCommonCriteriaEAL4+certication
withUSDoDProtectionProlecompliance.
Becauseofourinnovationandadvanced
security,theMcAfeeFirewallEnterpriseprotects
15,000networksaroundtheworld,includingthousandsofgovernmentagencies,Fortune500
organizations,andsevenofthetop10nancial
institutions.Putustoworkprotectingyou.
-
8/3/2019 Ds Firewall Enterprise
5/5
McAee
2821 Mission College Boulevard
Santa Clara, CA 95054
888 847 8766
www.mcaee.com
McAee, the McAee logo, McAee Labs, McAee Global Threat Intelligence, McAee ePolicy Orchestrator, McAee ePO, McAee AppPrism,
McAee SmartFilter, TrustedSource, and McAee SecureOS are registered trademarks or t rademarks o McAee, Inc. or its subsidiaries in the
United States and other countries. Other marks and brands may be claimed as the property o others. The product plans, specifcations and
descriptions herein are provided or inormation only and subject to change without notice, and are provided without warranty o any kind,
express or implied. Copyright 2011 McAee, Inc.
31501ds_we-appliance_0711_nl_ETMG
Data Sheet McAee Firewall Enterprise Appliance
Hardware Specifcations1 S1104 S2008 S3008 S4016 S5032 S6032 S7032-XX
Form actor Small 1U 1U 1U Enterprise 1U Enterprise 2U Enterprise 2U Enterprise 2U
Unlimited user licenses Yes Yes Yes Yes Yes Yes Yes
Recommended users 200 300 600 MediumLarge3 MediumLarge3 Large3 Large3
RAID N/A N/A N/A Yes Yes Yes Yes
Maximum networkmodules
N/A N/A N/A 1 3 3 24
1 Gb copper interaces
(base/maximum)4 8 8 8/16 8/32 8/32 8/164
1 Gb fber interaceoption (maximum)
N/A N/A N/A 8 24 24 84
10 Gb fber interace
option (maximum)N/A N/A N/A 6 18 18 44
Encrypted flteringacceleration N/A N/A Integrated Integrated Integrated Integrated N/A
Out-o-band management
(status, temperature,voltage, on/o, and more)
Serial Console
Only
Serial Console
OnlyYes Yes Yes Yes Yes
Regulatory complianceBSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (US), UL (US), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia),
CCC (China), SABS (South Arica), IRAM (Argentina), NOM (Mexico)
Perormance1
Firewall perormance(maximum)2
750 Mbps 1.0 Gbps 4.0 Gbps 9.0 Gbps 12.0 Gbps 15.0 Gbps 12.0 Gbps
Threat prevention2 250 Mbps 1.0 Gbps 2.0 Gbps 3.0 Gbps 5.0 Gbps 6.0 Gbps 5.0 Gbps
McAee AppPrism2 250 Mbps 1.0 Gbps 2.0 Gbps 7.5 Gbps 10.0 Gbps 12.0 Gbps 10.0 Gbps
Concurrent sessions2 200,000 500,000 750,000 1,500,000 3,000,000 4,000,000 3,000,000
New sessions per
second25,000 15,000 20,000 35,000 50,000 70,000 50,000
IPSec VPN throughput(AES)2
60 Mbps 250 Mbps 350 Mbps 400 Mbps 450 Mbps 500 Mbps 450 Mbps
IPSec VPN maximumnumber o tunnels2
250 1,000 2,000 4,000 8,000 10,000 8,000
Dimensions, weight, environmental
Width16.9 in
42.93 cm16.9 in
42.93 cm16.9 in
42.93 cm17.2 in43.8 cm
18.9 in48.04 cm
18.9 in48.04 cm
18.9 in48.04 cm
Depth8.5 in
21.59 cm28.0 in
71.12 cm28.0 in
71.12 cm24.4 in
61.87 cm30.0 in
76.21 cm30.0 in
76.21 cm30.0 in
76.21 cm
Height1.7 in
4.32 cm1.7 in
4.32 cm1.7 in
4.32 cm1.7 in
4.32 cm3.4 in
8.71 cm3.4 in
8.71 cm3.4 in
8.71 cm
Weight10.93 lbs
4.96 kg25 lbs
11.34 kg25 lbs
11.34 kg22 lbs
9.98 kg30 lbs (est)13.61 kg
30 lbs (est)13.61 kg
30 lbs (est)13.61 kg
Power supply details 100 W110/220 V 350 W110/220 V 350 W110/220 V Dual 400 W110/220 V Dual 750 W110/220 V Dual 750 W110/220 V Dual 750 W110/220 V
Operating temperature0 C35 C
32 F95 F
10 C35 C
50 F95 F
10 C35 C
50 F95 F
10 C35 C
50 F95 F
10 C35 C
50 F95 F
10 C35 C
50 F95 F
10 C35 C
50 F95 F
Crossbeam X-Series
Firewall Perormance
Up To 40 Gbps
WAN Optimization and
Branch Ofce Security
On a Single Device
Virtual Firewall to Protect
Your Virtual Inrastructure
1 All specifcation and perormance results are based on the S-series o appliances.
2 V8 perormance data represents the maximum capabilities o the systems as measured under optimal testing conditions. Deployment and policy considerations may impact perormance results
3 Please contact your McAee representative to determine proper sizing or your needs.
4 Maximum o two network modules supported (o any type), maximum o one 10 Gb network module supported (with a maximum o our transceivers populated).