Ds Firewall Enterprise

  • 8/3/2019 Ds Firewall Enterprise

    1/5

    Data Sheet

    McAfee Firewall Enterprise Features

    McAfee AppPrism application, discovery, and control including:
      • Packet, stateful, and full application filtering
      • Full application discovery and control
      • Multiple delivery options, including multi-firewall appliances (one appliance managing up to 32 virtual firewalls), McAfee Firewall Enterprise for Riverbed, McAfee Firewall Enterprise for Crossbeam, and a virtual firewall appliance
      • Network address translation (NAT)

    McAfee AppPrism categories
      • Anonymizers/proxies
      • Authentication services
      • Business web applications
      • Content management
      • Commercial monitoring
      • Database
      • Directory services
      • Email
      • Encrypted tunnels
      • Enterprise resource planning (ERP)/customer relationship management (CRM)
      • Filesharing
      • Gaming
      • Instant messaging
      • Infrastructure services
      • IT utilities
      • Mobile software
      • Peer-to-peer (P2P)
      • Photo/video sharing
      • Remote administration
      • Remote desktop/terminal services
      • Social networking
      • Software/system updates
      • Storage
      • Streaming media
      • Toolbars and PC utilities
      • Voice over IP (VoIP)
      • VPN
      • Webmail
      • Web browsing
      • Web conferencing

    Firewalls are traditionally only as strong or as weak as the policies you define. But effective security policies for today's complex Web 2.0 traffic depend on fine-grained understanding that can be hard to come by. You need rapid insight that goes far beyond port and protocol to encompass different web applications and users and the sophisticated threats that target them.

    Where in the past you could await signatures, the breakneck pace of threat evolution today demands proactive, predictive diagnosis of risk. Multiple attributes, such as source reputation, content, and behavior, should be assessed to reveal malicious intent before a new threat is confirmed.

    It's not enough to predict the threat. Accurate, timely blocking demands concerted action that crosses conventional product silos.

    These demands plus the call to prove compliance increase the operational burden on the network team. Yet budgets remain under pressure. Something has to change.

    The Biggest Firewall Innovation in 15 Years

    With version 8 of the McAfee Firewall Enterprise, McAfee reinvents the firewall. Three innovations deliver unprecedented protection at an unheard-of affordability. We combine full application visibility and control, reputation-aware threat intelligence, and multivector attack protection to improve network security while shaving effort and expense.

    The firewall solution includes the McAfee Firewall Enterprise appliance family: McAfee Firewall Enterprise Profiler, McAfee Firewall Enterprise Control Center, and McAfee Firewall Reporter.

    Today, the weakest link in network security is the application layer. So we have taken the firewall trusted by more ultra-secure environments and added broad application discovery and control. You can now protect new and existing Web 2.0 applications from the risks of data leakage, network abuse, and malicious attacks. With McAfee technology, you can ensure the applications using your network benefit your business.

    Discover

    McAfee AppPrism technology uses the innovative McAfee Firewall Enterprise Profiler to identify all traffic and reveal the applications that are really in use, with helpful context such as source, bandwidth, and destination. By inspecting encrypted application-level traffic, you can eliminate loopholes favored by cyberthieves and attackers.

    Control

    Fine-grained control allows comprehensive enforcement of policy based on business needs. Instead of policies matched just to IP address, port or protocol, you can now place a user name with a role and a set of applications.

    McAfee Firewall Enterprise Appliance

    Fully characterize and contain every new threat and vulnerability

    Sprawling enterprise applications and the broad, fast-changing attack surface of Web 2.0 necessitate a new approach to firewall security. First generation firewalls were limited to port, protocol, and IP addresses. Today, enhanced next generation McAfee firewalls let you confidently discover, control, visualize, and protect new and existing applications, using visual analytics and user identity for efficient, effective rules. And to detect complex threats within these applications, we integrate proactive threat intelligence with multiple inspection technologies in one cost-effective, easy-to-manage appliance.

    McAfee Firewall Enterprise Features (continued)

    Authentication
      • Local
      • Microsoft Active Directory
      • Transparent identities for Active Directory (McAfee logon collector)
      • LDAP (Sun, Open LDAP, Custom LDAP)
      • RADIUS
      • Microsoft Windows domain authentication
      • Microsoft Windows NTLM authentication
      • Passport (single sign-on)
      • Strong authentication (SecurID)
      • Supports CAC authentication

    High availability
      • Active/active
      • Active/passive
      • Stateful session failover
      • Remote IP monitoring

    Global threat intelligence
      • McAfee Global Threat Intelligence network connection reputation
      • Geo-location filtering
      • McAfee Labs

    Encrypted application filtering
      • SSH
      • SFTP
      • SCP
      • Bidirectional HTTPS decryption and re-encryption

    Intrusion prevention system (IPS)
      • More than 10,000 signatures
      • Automatic signature updates
      • Custom signatures
      • Preconfigured signature groups

    Anti-virus and anti-spyware
      • Protects against spyware, Trojans, and worms
      • Heuristics
      • Automatic signature updates

    Web filtering
      • Integrated McAfee SmartFilter filtering and management
      • Block Java, Active-X, JavaScript, SOAP

    Anti-spam
      • McAfee Global Threat Intelligence network connection reputation

    VPN
      • IKEv1 and IKEv2
      • DES, 3DES, AES-128, and AES-256 encryption
      • SHA-1 and MD5 authentication
      • Diffie-Hellman groups 1, 2, and 5
      • Policy-restricted tunnels
      • NAT-T
      • Xauth

    Construct application usage rules that combine attributes such as:
      • Business or recreational purpose
      • User identity
      • Embedded application control
      • Whitelisting
      • Geo-location

    User identity

    Without visibility into and control over users and the context of their use, firewalls cannot defend against increasingly port-agile, evasive, targeted applications. McAfee Firewall Enterprise applies user-aware rules and control over applications. When a user connects, the system validates entitlements in real time from your existing user directory. The firewall quickly applies policies mapped to user identity that grant explicit use of an application.

    By tracking to the user, rules are granular enough for modern business operation. And identity-based rules make good operational sense. More and more enterprises rely heavily on unified use of user directories and identity management to support access controls. User changes happen once and propagate out. Security policies stay up to date as the user community changes.

    Embedded application control

    Embedded application control gives you the power to tailor rights within an application. For instance, you might allow Yahoo, but block Yahoo IM, or allow IM only for specific user groups, perhaps customer support or sales, or locations, such as the head office.

    You can also support appropriate corporate use and blackout policies by specifying when an application can or cannot be used. Rules could allow MySpace use during lunchtime, for example, for customer service teams, while financial applications are not available to anyone via VPN on weekends.

    Many exploits try to benefit from the lax security in social networking sites by concealing their payloads within trendy applets. With McAfee, you can allow access to the beneficial elements of sites like Facebook, but still minimize the risk of compromised applications within each site.

    Whitelisting

    For advanced control, application whitelisting lets you explicitly allow only traffic from applications that have been approved as necessary or appropriate. Compared to lengthy blacklists, whitelisting whittles down the number of rules you need to write and maintain.

    Geo-location

    As botnets proliferate through popular social networking applications, it has become more important to be able to lock down rogue applications that attempt to communicate to certain locations. Geo-location lets you cut off this contact to keep your data from exfiltrating and prevent your systems from being used for mischief.

    We give you this fine-grained control while making rules development less complex. In fact, there's just one policy in one view. One straightforward console presents the options required to efficiently manage all rules and add defenses. This unified model is especially beneficial over time and across teams, as we also highlight rule interactions and overlaps. With colored fields highlighting potential conflicts, you avoid errors and enhance performance.

    Visualize

    It's time to move from managing rules to managing risk. McAfee Firewall Enterprise Profiler simplifies assessment of network traffic so you can add new applications quickly. Our intuitive visual analytics give you a way to measure the effectiveness of each rule change instantly, so you can tune policies for the maximum benefit.

    Rich graphical tools correlate application activities in real time, based on user identity, geo-location, and usage levels. You can easily see who is using what applications. This integrated view lets you exchange hours of due diligence, experimentation and troubleshooting for just a few clicks. For some users, the biggest advantage is seeing immediately whether or not a problem was really due to the firewall and being able to navigate to its root cause.

    McAfee SecureOS Operating System Features
      • McAfee Type Enforcement technology
      • Preconfigured operating system (OS) security policy
      • OS compartmentalization
      • Network stack separation

    McAfee Firewall Enterprise Control Center
      • Windows graphical user interface
      • Local console
      • Full command line
      • USB disaster recovery configuration backup and restore
      • Rapid troubleshooting and firewall rule impact analysis with McAfee Firewall Enterprise Profiler

    Logging, monitoring, and reporting
      • On-box logging
      • Scheduled log archiving and exporting
      • McAfee Firewall Enterprise log software extract format (SEF)
      • Export formats (XML, SEF, W3C, WebTrends)
      • Syslog
      • SNMP v1, v2c, and v3
      • McAfee Firewall Reporter SEM included

    Networking and routing
      • IPv6 compliant
      • Dynamic routing (RIP v1 and v2, OSPF, BGP, and PIM-SM)
      • Static routes
      • 802.1Q VLAN tagging
      • DHCP client
      • Default route failover
      • QoS

    Secure servers
      • Secure DNS (single or split)
      • Secure sendmail (single or split)

    Appliances and hardware
      • Upgrade warranty to four-hour response for most models
      • Virtualization solutions and rugged appliance options available
      • Single-, dual-, and quad-core processors
      • ASIC-based acceleration
      • RAID HDD configurations
      • Redundant power supplies

    Technical support
      • 24/7 telephone-based technical support
      • 24/7 technical support with web-based ticketing and knowledgebase

    Protect

    McAfee AppPrism helps you reduce risks from application-level threats while you optimize use of corporate bandwidth. Behind McAfee AppPrism stands the power of McAfee Labs. Our threat researchers utilize threat research and intelligence data to continually recognize and assess risk for 31 categories of applications, ranging from anonymizers to video and photo sharing.

    By assigning dynamic reputations for sites, senders, and locations, we can block an average 70 percent of undesirable traffic before you ever see it. Because of this capability, it can even spot the subtle command and control (C and C) channel of botnets.

    The Only Firewall with Reputation Analysis and Global Threat Intelligence

    Only McAfee includes reputation technology in a firewall, and it is just one element of McAfee Global Threat Intelligence. At McAfee, more than 400 researchers collaborate across web, spam, vulnerability, host and network intrusion, malware, and regulatory compliance research. This breadth allows them to characterize every new threat and vulnerability.

    Their efforts, informed by more than 100 million sensors around the world, deliver real-time predictive risk analysis to guard you against evolving multifaceted threats.

    Unlike old-fashioned firewalls that rely on signatures, automated threat feeds from McAfee Labs keep you up to date without taking your firewall off-line. With the increase in advanced persistent threats like Operation Aurora, McAfee Global Threat Intelligence is the most sophisticated protection you can own, helping you mitigate vulnerabilities, avoid regulatory violations, and lower the cost of remediation.

    Multivector Security in One Integrated Appliance

    One reason customers choose McAfee is our extensive security and compliance portfolio. Now, we place this might right at your door. Facing off against the complex threats in Web 2.0 applications, exploit cocktails, phishing, and targeted attacks, McAfee Firewall Enterprise now combines multiple crucial threat protections in every firewall appliance.

    Before, firewalls were limited to access control and segmentation. Adequate protection required the expense of implementing and maintaining several separate products. Now, one box combines:
      • McAfee AppPrism delivers full application discovery and control
      • Intrusion prevention
      • Global reputation analysis
      • URL filtering with McAfee SmartFilter technology
      • Encrypted application filtering
      • Anti-virus, anti-spyware, and anti-spam

    Our experience building multivector solutions has helped us deliver all these protections without compromising performance or productivity and without charging extra.

    Figure 1. McAfee Global Threat Intelligence featuring McAfee TrustedSource allows or blocks traffic based upon reputation.

    McAfee Firewall Enterprise Product Line

    The Firewall Enterprise product line includes appliances appropriate for businesses of all sizes, as well as companion products such as McAfee Firewall Enterprise Profiler, McAfee Firewall Enterprise Control Center, and McAfee Firewall Reporter. These products work together to streamline management activities and reduce operational costs. Flexible, hybrid delivery options include physical appliances, multifirewall appliances, virtual appliances, and solutions for Riverbed Steelhead appliances. Carrier-class security performance with speeds up to 40 Gbps is delivered by our McAfee Firewall Enterprise for Crossbeam solution running on Crossbeam's X-Series hardware. Ask your sales representative for more information.

    Fine-Grained Control Made Manageable

    Reliable security must also be easy to configure. The intuitive McAfee Firewall Enterprise administrative console lets your administrators create rules and selectively apply defenses such as application filters, IPS signatures, and URL filtering from a single screen. New software feature updates are delivered automatically via the Internet, reducing maintenance effort. Simply determine the schedule with a single click.

    The McAfee Firewall Enterprise product line includes additional tools for simplifying management: McAfee Firewall Reporter and McAfee Firewall Enterprise Control Center.

    Included at no additional cost, McAfee Firewall Reporter software turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring, and correlated alerting and reporting. Choose from more than 500 graphical reports to depict network traffic and help meet all major regulatory requirements.

    Sold separately, McAfee Firewall Enterprise Control Center offers centralized firewall policy management for multiple McAfee Firewall Enterprise appliances. It lets you maximize operational efficiency, simplify policy control, optimize rules, streamline software updates, and demonstrate regulatory compliance. You can even compare policy configurations on all of your McAfee Firewall Enterprise Control Center-managed devices to ensure consistency across your network. Robust configuration management lets you centrally track, trace, and validate all policy changes.

    Furthermore, McAfee Firewall Enterprise Control Center integrates with McAfee ePolicy Orchestrator (McAfee ePO) software, providing it with visibility into firewall health data and reports.

    The Most Secure Firewall Hardware Platform

    At its core, McAfee Firewall Enterprise runs on the high-speed, high assurance McAfee SecureOS operating system. Patented McAfee Type Enforcement technology secures the OS itself for an unparalleled level of platform security. Perhaps it is why McAfee SecureOS has an unparalleled CERT advisory record: no emergency security patches have ever been required.

    The preconfigured operating system security policy prevents compromises, and the entire operating system is compartmentalized so attackers cannot disrupt its work.

    These extra steps allowed us to be the first firewall to achieve Common Criteria EAL4+ certification with US DoD Protection Profile compliance.

    Because of our innovation and advanced security, the McAfee Firewall Enterprise protects 15,000 networks around the world, including thousands of government agencies, Fortune 500 organizations, and seven of the top 10 financial institutions. Put us to work protecting you.

    McAfee
    2821 Mission College Boulevard
    Santa Clara, CA 95054
    888 847 8766
    www.mcafee.com

    McAfee, the McAfee logo, McAfee Labs, McAfee Global Threat Intelligence, McAfee ePolicy Orchestrator, McAfee ePO, McAfee AppPrism, McAfee SmartFilter, TrustedSource, and McAfee SecureOS are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2011 McAfee, Inc.

    31501ds_we-appliance_0711_nl_ETMG

    | Hardware Specifications [1] | S1104 | S2008 | S3008 | S4016 | S5032 | S6032 | S7032-XX |
    |---|---|---|---|---|---|---|---|
    | Form factor | Small 1U | 1U | 1U | Enterprise 1U | Enterprise 2U | Enterprise 2U | Enterprise 2U |
    | Unlimited user licenses | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
    | Recommended users | 200 | 300 | 600 | Medium-Large [3] | Medium-Large [3] | Large [3] | Large [3] |
    | RAID | N/A | N/A | N/A | Yes | Yes | Yes | Yes |
    | Maximum network modules | N/A | N/A | N/A | 1 | 3 | 3 | 2 [4] |
    | 1 Gb copper interfaces (base/maximum) | 4 | 8 | 8 | 8/16 | 8/32 | 8/32 | 8/16 [4] |
    | 1 Gb fiber interface option (maximum) | N/A | N/A | N/A | 8 | 24 | 24 | 8 [4] |
    | 10 Gb fiber interface option (maximum) | N/A | N/A | N/A | 6 | 18 | 18 | 4 [4] |
    | Encrypted filtering acceleration | N/A | N/A | Integrated | Integrated | Integrated | Integrated | N/A |
    | Out-of-band management (status, temperature, voltage, on/off, and more) | Serial Console Only | Serial Console Only | Yes | Yes | Yes | Yes | Yes |

    Regulatory compliance (all models): BSMI (Taiwan), MIC/KCC (Korea), C-Tick (Australia/NZ), VCCI (Japan), FCC (US), UL (US), CSA (Canada), ICES (Canada), CE (EU), GOST R (Russia), CCC (China), SABS (South Africa), IRAM (Argentina), NOM (Mexico)

    | Performance [1] | S1104 | S2008 | S3008 | S4016 | S5032 | S6032 | S7032-XX |
    |---|---|---|---|---|---|---|---|
    | Firewall performance (maximum) [2] | 750 Mbps | 1.0 Gbps | 4.0 Gbps | 9.0 Gbps | 12.0 Gbps | 15.0 Gbps | 12.0 Gbps |
    | Threat prevention [2] | 250 Mbps | 1.0 Gbps | 2.0 Gbps | 3.0 Gbps | 5.0 Gbps | 6.0 Gbps | 5.0 Gbps |
    | McAfee AppPrism [2] | 250 Mbps | 1.0 Gbps | 2.0 Gbps | 7.5 Gbps | 10.0 Gbps | 12.0 Gbps | 10.0 Gbps |
    | Concurrent sessions [2] | 200,000 | 500,000 | 750,000 | 1,500,000 | 3,000,000 | 4,000,000 | 3,000,000 |
    | New sessions per second [2] | 5,000 | 15,000 | 20,000 | 35,000 | 50,000 | 70,000 | 50,000 |
    | IPSec VPN throughput (AES) [2] | 60 Mbps | 250 Mbps | 350 Mbps | 400 Mbps | 450 Mbps | 500 Mbps | 450 Mbps |
    | IPSec VPN maximum number of tunnels [2] | 250 | 1,000 | 2,000 | 4,000 | 8,000 | 10,000 | 8,000 |

    | Dimensions, weight, environmental | S1104 | S2008 | S3008 | S4016 | S5032 | S6032 | S7032-XX |
    |---|---|---|---|---|---|---|---|
    | Width | 16.9 in (42.93 cm) | 16.9 in (42.93 cm) | 16.9 in (42.93 cm) | 17.2 in (43.8 cm) | 18.9 in (48.04 cm) | 18.9 in (48.04 cm) | 18.9 in (48.04 cm) |
    | Depth | 8.5 in (21.59 cm) | 28.0 in (71.12 cm) | 28.0 in (71.12 cm) | 24.4 in (61.87 cm) | 30.0 in (76.21 cm) | 30.0 in (76.21 cm) | 30.0 in (76.21 cm) |
    | Height | 1.7 in (4.32 cm) | 1.7 in (4.32 cm) | 1.7 in (4.32 cm) | 1.7 in (4.32 cm) | 3.4 in (8.71 cm) | 3.4 in (8.71 cm) | 3.4 in (8.71 cm) |
    | Weight | 10.93 lbs (4.96 kg) | 25 lbs (11.34 kg) | 25 lbs (11.34 kg) | 22 lbs (9.98 kg) | 30 lbs (est) (13.61 kg) | 30 lbs (est) (13.61 kg) | 30 lbs (est) (13.61 kg) |
    | Power supply details | 100 W, 110/220 V | 350 W, 110/220 V | 350 W, 110/220 V | Dual 400 W, 110/220 V | Dual 750 W, 110/220 V | Dual 750 W, 110/220 V | Dual 750 W, 110/220 V |
    | Operating temperature | 0 to 35 °C (32 to 95 °F) | 10 to 35 °C (50 to 95 °F) | 10 to 35 °C (50 to 95 °F) | 10 to 35 °C (50 to 95 °F) | 10 to 35 °C (50 to 95 °F) | 10 to 35 °C (50 to 95 °F) | 10 to 35 °C (50 to 95 °F) |

    Crossbeam X-Series: Firewall Performance Up To 40 Gbps

    WAN Optimization and Branch Office Security On a Single Device

    Virtual Firewall to Protect Your Virtual Infrastructure

    [1] All specification and performance results are based on the S-series of appliances.

    [2] V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.

    [3] Please contact your McAfee representative to determine proper sizing for your needs.

    [4] Maximum of two network modules supported (of any type), maximum of one 10 Gb network module supported (with a maximum of four transceivers populated).