Data Sheet

McAfee Firewall Enterprise Appliance

Fully characterize and contain every new threat and vulnerability

Sprawling enterprise applications and the broad, fast-changing attack surface of

Web 2.0 necessitate a new approach to firewall security. First generation firewalls
were limited to port, protocol, and IP addresses. Today, enhanced next generation
McAfee® firewalls let you confidently discover, control, visualize, and protect new and
existing applications, using visual analytics and user identity for efficient, effective
McAfee Firewall Enterprise Appliance
Security Features rules. And to detect complex threats within these applications, we interlock proactive
AppPrism—Application Discovery and threat intelligence with multiple inspection technologies in one cost-effective, easy-
Control including:
• Packet, stateful, and full
to-manage appliance.
application filtering
• Full application discovery and control

• Multiple delivery options, including Firewalls are traditionally only as strong or as weak The firewall solution includes the McAfee Firewall
multi-firewall appliances (one as the policies you define. But effective security Enterprise appliance family, McAfee Firewall
appliance managing up to 32 virtual
firewalls), McAfee Firewall Enterprise policies for today’s complex Web 2.0 traffic Enterprise Profiler, McAfee Firewall Enterprise
for Riverbed, McAfee Firewall depend on fine-grained understanding that can Control Center, and McAfee Firewall Reporter.
Enterprise for Crossbeam, and a be hard to come by. You need rapid insight that
virtual firewall appliance Today, the weakest link in network security is the
• Network address translation (NAT) goes far beyond port and protocol to encompass
application layer. So we have taken the firewall
different web applications and users and the
McAfee AppPrism™ categories trusted by more ultra-secure environments
• Anonymizers/Proxies sophisticated threats that target them.
and added broad application discovery and
• Authentication services
• Business
Where in the past you could await signatures, control. You can now protect new and existing
web applications
• Content management the breakneck pace of threat evolution today Web 2.0 applications from the risks of data
• Commercial monitoring demands proactive, predictive diagnosis of risk. leakage, network abuse, and malicious attacks.
• Database
Multiple attributes, such as source reputation, With McAfee technology, you can ensure the
• Directory services
• Email
content, and behavior, should be assessed to applications using your network to benefit
• Encrypted tunnels reveal malicious intent before a new threat your business.
• ERP/CRM is confirmed.
• Filesharing
Discover
• Gaming It’s not enough to predict the threat. Accurate,
• Instant messaging
McAfee AppPrism technology uses the innovative
timely blocking demands concerted action that
• Infrastructure services Firewall Profiler to identify all traffic and reveal
crosses conventional product silos.
• IT utilities the applications that are really in use, with
• Mobile software
These demands—plus the call to prove helpful context such as source, bandwidth, and
• Peer to Peer (P2P)
• Photo-Video sharing compliance—increase the operational burden destination. By inspecting encrypted application-
• Remote administration on the network team. Yet budgets remain under level traffic, you can eliminate loopholes favored
• Remote desktop/Terminal services
pressure. Something has to change. by cyber thieves and attackers.
• Social networking
• Software/System updates
• Storage The biggest firewall innovation in 15 years Control
• Streaming media With version 8 of the McAfee Firewall Enterprise, Fine-grained control allows comprehensive
• Toolbars and PC utilities
McAfee reinvents the firewall. Three innovations enforcement of policy based on business needs.
• Voice over IP (VOIP)
• VPN
deliver unprecedented protection at an unheard- Instead of policies matched just to IP address, port,
• Webmail of price. We combine full application visibility and or protocol, you can now place a user name with
• Web browsing control, reputation-aware threat intelligence, and a role and a set of applications.
• Web conferencing
multi-vector attack protection to improve network
security while shaving effort and expense.
 Data Sheet McAfee Firewall Enterprise Appliance

McAfee Firewall Enterprise Security Construct application usage rules that combine Whitelisting
Features (continued) attributes such as: For advanced control, application whitelisting lets
Authentication you explicitly allow only traffic from applications
• Local
• Business or recreational purpose
that have been approved as necessary or
• Microsoft Active Directory • User identity
• Transparent Identities for Active
appropriate. Compared to lengthy blacklists,
Directory (McAfee Logon Collector)
• Embedded application control whitelisting whittles down the number of rules
• LDAP (Sun, Open LDAP, • Whitelisting you need to write and maintain.
Custom LDAP)
• Geo-location
• RADIUS
Geo-location
• Microsoft Windows

Domain Authentication User Identity As botnets proliferate through popular social

• Microsoft Windows Without visibility into and control over users and networking applications, it has become more
NTLM Authentication important to be able to lock down rogue
the context of their use, firewalls cannot defend
• Passport (single sign-on)
• Strong authentication against increasingly port-agile, evasive, targeted applications that attempt to communicate to
(SecurID) apps. McAfee Firewall Enterprise applies user- certain locations. Geo-location lets you cut off this
• Supports CAC authentication
aware rules and control over applications. contact to keep your data from exfiltrating and
High availability (HA) prevent your systems being used for mischief.
• Active/active When a user connects, the system validates
• Active/passive entitlements in real time from your existing user We give you this fine-grained control while
• Stateful
session failover directory. The firewall quickly applies policies making rules development less complex. In
• Remote IP monitoring
mapped to user identity that grant explicit use of fact, there’s just one policy in one view. One
Global Threat Intelligence an application. straightforward console presents the options
• McAfee Global Threat Intelligence
Network Connection Reputation
required to efficiently manage all rules and add
By tracking to the user, rules are granular enough
• Geo-location filtering defenses. This unified model is especially beneficial
for modern business operation. And identity-
• McAfee Labs over time and across teams, as we also highlight
based rules make good operational sense. More
Encrypted application filtering rule interactions and overlaps. With colored fields
• SSH and more enterprises rely heavily on unified use
highlighting potential conflicts, you avoid errors
• SFTP of user directories and identity management to
• SCP
and enhance performance.
support access controls. User changes happen
• Bi-directional
HTTPS decryption
once and propagate out. Security policies stay up
and re-encryption Visualize
to date as the user community changes.
Intrusion prevention system (IPS) It’s time to move from managing rules to
• More than 10,000 signatures
Embedded Application Control managing risk. McAfee Firewall Enterprise Profiler
• Automatic signature updates
Embedded application control gives you the power simplifies assessment of network traffic so you
• Custom signatures
• Preconfigured signature groups to tailor rights within an application. For instance, can add new applications quickly. Our intuitive
you might allow Yahoo, but block Yahoo IM, or visual analytics give you a way to measure the
Anti-virus and anti-spyware
• Protects against spyware, Trojans, allow IM only for specific user groups, perhaps effectiveness of each rule change instantly, so you
and worms
customer support or sales, or locations, such as can tune policies for the maximum benefit.
• Heuristics
• Automatic signature updates the head office. Rich graphical tools correlate application activities
Web filtering You can also support corporate appropriate use in real time, based on user identity, geo-location,
• Integrated McAfee SmartFilter®
and blackout policies by specifying when an and usage levels. You can easily see who is using
filtering and management
application can or cannot be used. Rules could what applications. This integrated view lets you
• Block Java, Active-X, JavaScript,

SOAP allow MySpace use during lunch time, for example, exchange hours of due diligence, experimentation,
Anti-spam for customer service teams, while financial and troubleshooting for just a few clicks. For
• McAfeeGlobal Threat Intelligence applications are not available to anyone via VPN some users, the biggest advantage is seeing
Network Connection Reputation immediately whether or not a problem was really
on weekends.
VPN due to the firewall and being able to navigate to
• IKEv1 and IKEv2 Many exploits try to benefit from the lax security its root cause.
• DES, 3DES, AES-128, and
in social networking sites by concealing their
AES-256 encryption
• SHA-1 and MD5 authentication payloads within trendy applets. With McAfee, you
• Diffie-Hellmann groups 1, 2, and 5 can allow access to the beneficial elements of
• Policy-restricted tunnels
sites like Facebook, but still minimize the risk of
• NAT-T
• Xauth
compromised applications within each site.
 Data Sheet McAfee Firewall Enterprise Appliance

McAfee SecureOS® Operating System

Features
• McAfee Type Enforcement®
technology
• Preconfigured operating system (OS)

security policy
• OS compartmentalization
• Network stack separation

McAfee Firewall Enterprise

Control Center
• Windows graphical user interface
• Local console
• Full command line
• USB disaster recovery configuration

backup and restore

• Rapid troubleshooting and

firewall rule impact analysis with

McAfee Firewall Enterprise Profiler Global Threat Intelligence featuring McAfee Trusted Source allows or blocks traffic based upon reputation
(sold separately)
Logging, monitoring, and reporting
• On-box logging Protect firewall off line. With the increase in advanced
• Scheduled log archiving

and exporting McAfee AppPrism helps you reduce risks from persistent threats like Operation Aurora, McAfee
• Firewall Enterprise log application-level threats while you optimize Global Threat Intelligence is the most sophisticated
softwareExtract format (SEF) use of corporate bandwidth. Behind AppPrism protection you can own, helping you mitigate
• Export formats (XML, SEF,

W3C, WebTrends)
stands the power of McAfee Labs™. Our threat vulnerabilities, avoid regulatory violations, and
• Syslog researchers utilize threat research and intelligence lower the cost of remediation.
• SNMP v1, v2c, and v3 data to continually recognize and assess risk
• McAfee Firewall Reporter
for 31 categories of applications, ranging from Multi-vector security in one
SEM included
anonymizers to video and photo sharing. integrated appliance
Networking and routing
One reason customers choose McAfee is our
• IPv6 compliant By assigning dynamic reputations for sites,
• Dynamic routing (RIP v1 and v2, OSPF, extensive security and compliance portfolio.
senders, and locations, we can block an average
BGP, and PIM-SM) Now, we place this might right at your door.
• Static routes 70 percent of undesirable traffic before you ever
Facing off against the complex threats in Web
• 802.1Q VLAN tagging see it. Because of this capability, it can even
• DHCP client
2.0 applications, exploit cocktails, phishing, and
spot the subtle command and control (C and C)
• Default route failover targeted attacks, McAfee Firewall Enterprise now
channel of botnets.
• QoS combines multiple crucial threat protections in
Secure servers every firewall appliance.
• Secure DNS (single or split)
The only firewall with reputation analysis and
• Secure sendmail (single or split) global threat intelligence Before, firewalls were limited to access control and
Appliances and hardware Only McAfee includes reputation technology in segmentation. Adequate protection required the
• Upgrade warranty to four-hour a firewall, and it is just one element of McAfee expense of implementing and maintaining several
response for most models Global Threat Intelligence. At McAfee, over four separate products. Now, one box combines:
• Virtualization solutions and rugged

appliance options available

hundred security researchers—more than the
• McAfee AppPrism—Full application discovery
• Single-, dual-, and quad-core entire staff at some vendors—collaborate across
processors
and control
web, spam, vulnerability, host and network
• ASIC-based acceleration
intrusion, malware, and regulatory compliance
• Intrusion prevention
• RAID HDD configurations
research. This breadth allows them to characterize • Global reputation analysis
• Redundant power supplies

Technical support
every new threat and vulnerability. • URL filtering with McAfee SmartFilter®
• 24/7 telephone-based technology
Their efforts, informed by more than one hundred
technical support • Encrypted application filtering
• 24/7 technical support with web- million sensors around the world, deliver real-
based ticketing and knowledgebase time predictive risk analysis to guard you against • Anti-Virus, anti-spyware, and anti-spam
evolving multi-faceted threats. Our experience building multi-vector solutions
Unlike old-fashioned firewalls that rely on has helped us deliver all these protections without
signatures, automated threat feeds from McAfee compromising performance or productivity. And
Labs keep you up to date without taking your without charging extra.
 Data Sheet McAfee Firewall Enterprise Appliance

Fine-grained control made manageable across your network. Robust configuration

Reliable security must also be easy to configure. management lets you centrally track, trace, and
The intuitive Firewall Enterprise administrative validate all policy changes.
console lets your administrators create rules and
McAfee Firewall Enterprise Furthermore, Control Center integrates with
Product Line selectively apply defenses such as application
McAfee ePolicy Orchestrator® (ePO™), providing
The Firewall Enterprise product line filters, IPS signatures, and URL filtering from a
includes appliances appropriate ePO with visibility into firewall health data
single screen. New software feature updates are
for businesses of all sizes, as well as and reports.
companion products such as McAfee delivered automatically via the Internet, reducing
Firewall Enterprise Profiler, McAfee maintenance effort. Simply determine the
Firewall Enterprise Control Center, Most secure firewall hardware platform
schedule with a single click.
and McAfee Firewall Reporter. These At its core, McAfee Firewall Enterprise runs on
products work together to streamline The Firewall Enterprise product line includes the high-speed, high assurance McAfee SecureOS
management activities and reduce
operational costs. Flexible, hybrid additional tools for simplifying management: operating system. Patented McAfee Type
delivery options include physical McAfee Firewall Reporter and McAfee Firewall Enforcement® technology secures the OS itself for
appliances, multi-firewall appliances, Enterprise Control Center. an unparalleled level of platform security. Perhaps
virtual appliances, and solutions
for Riverbed Steelhead appliances. it is why SecureOS has an unparalleled CERT
Included at no additional cost, Firewall Reporter
Carrier-class security performance advisory record: no emergency security patches
with speeds up to 40 Gbps is delivered software turns audit streams into actionable
have ever been required.
by our McAfee Firewall Enterprise information. This award-winning security
for Crossbeam solution running event management (SEM) tool delivers central The pre-configured operating system security
on Crossbeam’s X-Series hardware.
Ask your sales representative for monitoring, and correlated alerting and reporting. policy prevents compromises, and the entire
more information. Choose from more than 500 graphical reports operating system is compartmentalized so
to depict network traffic and help meet all major attackers cannot disrupt its work.
regulatory requirements.
These extra steps allowed us to be the first firewall
Sold separately, McAfee Firewall Enterprise to achieve Common Criteria EAL 4+ certification
Control Center offers centralized firewall policy with US DoD Protection Profile compliance.
management for multiple Firewall Enterprise
Because of our innovation and advanced
appliances. It lets you maximize operational
security, the McAfee Firewall Enterprise protects
efficiency, simplify policy control, optimize rules,
15,000 networks around the world, including
streamline software updates, and demonstrate
thousands of government agencies, Fortune 500
regulatory compliance. You can even compare
organizations, and seven of the top 10 financial
policy configurations on all of your Control
institutions. Put us to work protecting you.
Center-managed devices to ensure consistency
 Data Sheet McAfee Firewall Enterprise Appliance

WAN Optimization and Crossbeam X-Series

Virtual Firewall to Protect Branch Office Security Firewall Performance
Your Virtual Infrastructure On a Single Device Up To 40 Gbps

Hardware Specs1 S1104 410 510 1100 2100 2150 2150 VX-XX 4150
Form factor Small 1U Small 1U Small 1U Enterprise 1U Enterprise 2U Enterprise 2U Enterprise 2U Enterprise 5U
Unlimited user licenses Yes Yes Yes Yes Yes Yes Yes Yes

Recommended users 200 300 600 Med–Large Med–Large Large Large Enterprise

RAID N/A N/A N/A RAID 1 RAID 1 RAID 5 RAID 5 RAID 5

Power supply Single Single Single Dual Dual Dual Dual Dual
Copper interfaces
4–Gb 8–Gb 8–Gb 10/16–Gb 10/22–Gb 10/22–Gb 22/24–Gb 14/26–Gb
(base/max)
Fiber interface option
N/A N/A N/A 6 12 12 N/A 12
(max)
10 Gb interface option
N/A N/A N/A 6 6 6 6 6
(max)
Encrypted filtering
N/A N/A N/A Yes Yes Yes Yes Yes
acceleration card option
FCC (U.S. only) Class B, ICES (Canada) Class B, CE Mark (EN 55022 Class B, EN55024, EN61000-3-2, EN61000-3-3), VCC (Japan) Class B, BSMI
Regulatory compliance (Taiwan) Class A, C-Tick (Australia/New Zealand) Class B, SABS (South Africa) Class B, MIC (Korea) Class B, UL 60950, CAN/CSA C22.2 No. 60950,
IEC 60950
Performance1
Firewall performance
750 Mbps 1.5 Gbps 3 Gbps 7.5 Gbps 7.5 Gbps 10 Gbps 10 Gbps 12 Gbps
(max)2
Threat prevention2 250 Mbps 500 Mbps 1.5 Gbps 3 Gbps 3 Gbps 5 Gbps 5 Gbps 6 Gbps
AppPrism 2
250 Mbps 500 Mbps 1 Gbps 3 Gbps 4 Gbps 4 Gbps 4 Gbps 5 Gbps
Concurrent sessions2 200,000 500,000 750,000 950,000 950,000 1,100,000 1,100,000 1,300,000
New sessions per
5,000 15,000 20,000 25,000 25,000 30,000 30,000 35,000
second2
IPSec VPN throughput
60 Mbps 200 Mbps 275 Mbps 300 Mbps 300 Mbps 400 Mbps 400 Mbps 700 Mbps
(AES)2
IPSec VPN max # of
250 500 1,000 2,000 2,000 4,000 4,000 8,000
tunnels2
Dimensions, weight, environmental
16.9 in 17.6 in 17.6 in 18.9 in 17.4 in 17.4 in 17.4 in 19.00 in
Width
42.93 cm 44.7 cm 44.7 cm 48.2 cm 44.3 cm 44.3 cm 44.3 cm 48.25 cm
8.5 in 16.75 in 21.5 in 30.4 in 26.8 in 26.8 in 26.8 in 24.4 in
Depth
21.59 cm 42.54 cm 54.6 cm 77.2 cm 68.1 cm 68.1 cm 68.1 cm 62.1 cm
1.5 in 1.68 in 1.68 in 1.67 in 3.4 in 3.4 in 3.4 in 8.57 in
Height
3.81 cm 4.2 cm 4.2 cm 4.26 cm 8.64 cm 8.64 cm 8.64 cm 21.77 cm
10.93 lbs 15.3 lbs 26 lbs 39.0 lbs 57.5 lbs 57.5 lbs 57.5 lbs 77 lbs
Weight
4.96 kg 6.94 kg 11.8 kg 17.7 kg 26.1 kg 26.1 kg 26.1 kg 35 kg
100 W 345 W 345 W Dual 717 W Dual 870 W Dual 870 W Dual 870 W Dual 870 W
Power supply details
110/220 V 110/220 V 110/220 V 110/220 V 110/220 V 110/220 V 110/220 V 110/220 V
0º C – 50º C 10º C – 35º C 10º C – 35º C 10º C – 35º C 10º C – 35º C 10º C – 35º C 10º C – 35º C 10º C – 35º C
Operating temperature
32º F – 122º F 50º F – 95º F 50º F – 95º F 50º F – 95º F 50º F – 95º F 50º F – 95º F 50º F – 95º F 50º F – 95º F

1. All specification and performance results are based on the F-series and S-series of appliances.
2. V8 performance data represents the maximum capabilities of the systems as measured under optimal testing conditions. Deployment and policy considerations may impact performance results.

McAfee, Inc. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other
2821 Mission College Boulevard countries. Other marks and brands may be claimed as the property of others. The product plans, specifications and descriptions herein are
Santa Clara, CA 95054 provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied.
888 847 8766 Copyright © 2010 McAfee, Inc.
www.mcafee.com 19101ds_firewall-enterprise_1210_fnl_ETMG