Next-generation Firewalls

The McAfee Next Generation Firewall provides innovative technology to meet the complex, high-performance needs of demanding, highly secure data centers and distributed enterprises — both today and tomorrow.

Key Features

  • Deliver flexible security in minutes — Customers can place security capabilities when and where they need them throughout the network, and use software keys to unlock new features without disruption to get maximum value out of each investment. The McAfee solution provides one security engine with many uses — from stateful firewall to next-generation IPS to evasion prevention system.
  • Count on high availability and scalability — Customers can activate all Next Generation Firewall security capabilities in the most demanding locations. Active clustering of up to 16 nodes operating at speeds up to 120 Gbps provides great flexibility in situations where processing-intensive security applications, such as deep inspection or VPNs, require more performance, and allows systems to be serviced without downtime.
  • Avoid device-level management chaos — Next Generation Firewall provides easy and efficient centralized management for even the most complex networks. Use a single pane of glass to develop policies, reuse workflows, and monitor network activities for hundreds of firewalls distributed from branch sites to data centers.
  • Protect the network — Next Generation Firewall prevents advanced attacks and advanced evasion techniques. In addition to next-generation firewall features, such as application control and IPS, it has unparalleled detection rates on advanced evasions. These attacks obfuscate their actions by delivering payloads over multiple protocols.

Product Positioning

McAfee Firewall Enterprise comparison

McAfee Firewall Enterprise addresses an important niche market for enterprises that require a proxy firewall. The high-assurance nature of a proxy-based firewall is critical for high-security environments, such as military defense networks.

However, the largest demand in the enterprise and commercial market is for stateful firewalls. Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

McAfee Next Generation Firewall offers:

  • A flexible, modular security engine
  • Full range of next-generation features, including application control and IPS
  • Evasion Prevention System (EPS) mode to detect attacks that may be getting by existing firewall and IPS solutions; it alerts users when it has detected and blocked evasions
  • Some IPS capabilities with EPS mode

McAfee Network Security Platform comparison

Evasion detection and stateful inspection distinguish McAfee Next Generation Firewall from McAfee Firewall Enterprise. McAfee’s award-winning Network Security Platform (IPS) offers:

  • Highest protection out of the box — reducing total cost of ownership
  • Very high-speed operation – up to 40 Gbps
  • Malware detection and blocking
  • Integrated distributed denial-of-service (DDoS) protection
  • Network behavior analysis and analytics
  • Reconnaissance detection

McAfee will continue to improve its Network Security Platform, bringing many of its capabilities into McAfee Next Generation Firewall as those features mature.

Features & Benefits

Deploy security as you need it

Choose from software, physical, and virtual appliances to match every budget and network architecture. IPv6 support is also available. McAfee Next Generation Firewall allows you to pick and choose these modules on the same platform: evasion prevention system (EPS), firewall, and application control, with just a change in license keys.

Maintain high availability

High availability is at the core of the McAfee Next Generation Firewall. Active-active clustering of up to 16 appliances, which can run different software versions within the same cluster, provides scalability and high availability in demanding data center environments and in situations where processing-intensive security applications, such as deep inspection or VPNs, require more performance.

Use application controls to manage network usage

Define fine-grained application usage policies based on user or user group, traffic type, target or source IP address, interface or domain name, time, and day of the week to better manage your network bandwidth and enforce appropriate usage policies.

Block advanced evasion techniques

Defend against sophisticated evasion techniques, typically used by well-resourced, motivated attackers launching advanced persistent threats. Always up to date, this layer of protection is critical to stop emerging network-based attacks that can bypass most security solutions by distributing payloads across multiple protocols.

Manage more with less

Use a single, powerful management console for expanded visibility into your entire network. Centralized management helps reduce operational costs and eliminate chaos by unifying control of network security devices at remote sites and throughout the corporate infrastructure.

Leverage the power of the Stonesoft platform

Noted as a Visionary in the 2013 Gartner Magic Quadrant for Firewall, Stonesoft technology is recognized for next-generation firewall features not found in competing firewalls and for detecting advanced evasion techniques. Additionally, in independent reviews by NSS Labs, Stonesoft next-generation firewall technology delivered best-in-class performance, with a 100% protection rate in exploit, evasion, and stability testing.