McAfee® | Next Generation Firewall

McAfee® Next Generation Firewall changes how network security is delivered. McAfee Next Generation Firewall complements network edge solutions with a high-performance, advanced next-generation firewall (NGFW) solution that is versatile and adaptable. It adds control, visibility, and protection—including advanced anti-evasion techniques—where you need it most, including remote sites and branches, data centers, and the network edge.

Most legacy firewalls force enterprises to choose between critical features and then bolt on new security components as separate, individually managed boxes. Some NGFWs offer impressive features without the performance and availability required for reliable protection and control during demanding operations.

McAfee Next Generation Firewall has been built from the ground up to deliver application control, intrusion prevention system (IPS), and virtual private network (VPN) functionality—as well as innovative evasion prevention capabilities in an efficient, extensible, and highly scalable design.

Offering more than just deep packet inspection, McAfee Next Generation Firewall includes powerful anti-evasion technologies that decode and normalize network traffic for inspection on all protocol layers, making traffic evasion-free and exploits detectable. Vulnerability-based fingerprints block exploits in the normalized data stream.

One Unified Software Core

McAfee Next Generation Firewall is available as a physical appliance, software solution, or virtual appliance. All options are based on a unified software core and receive new features and updates automatically. The solution has been designed from the ground up to offer significant performance advantages and ease of use compared with traditional multifunction products.

One Management Center

With the McAfee Security Management Center, administrators have the ability to manage and/or monitor all security devices and relevant information across the network. This is done by enabling policy management of the appliance, tracking usage at the application and user level, applying policies, and generating reports. McAfee Security Management Center gives you the power and flexibility to place the right network security where you need it and keep your business running smoothly as needs and threats evolve.


McAfee Next Generation Firewall lets administrators choose, self-configure, and change platforms, capacity, security controls, and features on the fly—without extra fees or new contracts. McAfee Next Generation Firewall can be configured to fill any needed network security product role:

  • Firewall/VPN concentrator—NGFW with NGFWIPS mode performing application control, deep packet inspection, and virtual private network (VPN) functionality.
  • IPS mode—Performs layer 7 application analysis and can detect sophisticated attacks, such as advanced evasion techniques (AETs) at the network edge or manage application traffic within network segments.
  • Layer 2 firewall—Convenient when you need the network segmentation, but cannot use routing; this mode also supports filtering of non-IP legacy protocols or lower-level layer 2 protocols.
  • IPsec VPN—Provides a highly available remote access gateway for branch and remote offices, including antivirus, antispam, and web filtering.

Anti-Evasion Capabilities

As part of the solution, McAfee provides the industry’s most advanced anti-evasion capabilities to protect against today’s advanced threats. Network-based evasion techniques are used—often in combination and with multiple exploits—to bypass most current security detection devices. They help well-resourced, motivated attackers implement advanced persistent threats (APTs).
McAfee offers unique and thorough protection against the most determined attacks across all protocols and network layers. This NGFW has been successfully tested against more than 800 million AETs. Advanced anti-evasion techniques decode and normalize traffic for inspection on all protocol layers:

  • Normalization removes evasions before data stream inspection.
  • Vulnerability-centric fingerprints detect exploits in the normalized data streams.

Scale Protection with Business

Businesses today require full resiliency in their network security solution. To fulfill business continuity, McAfee Next Generation Firewall provides active clustering of up to 16 nodes, providing great flexibility in situations where processing-intensive security applications such as deep inspection or VPNs require more performance and protection. Transparent session failovers and support for multiple software versions within the same cluster provide industry-leading system availability and serviceability without disruption. McAfee Multi-Link extends high availability to cover network and IPsec VPN connections. You get the confidence of military-grade security for every deployment.

Virtualize the Same Strong Security

Accredited as a VMware-ready virtual appliance, this solution is easy to deploy in your virtual infrastructure as a virtual appliance or virtual engine. Each virtual appliance can run independently, even running its own software version and operating system. Yet, virtual appliances are managed in the same way, with the same functionality, as a physical appliance. Virtual context capability allows a physical appliance to support many instances of the NGFW, reducing costs and increasing operational efficiencies. This multitenant capability offers a way to logically separate up to 250 security gateway configurations into separately manageable instances. This capability enables businesses such as Managed Security Services Providers (MSSPs) to offer and manage services for multiple customers using the same physical elements.

McAfee Next Generation Firewall Specifications
McAfee Next Generation Firewall Appliances Specifications
McAfee Next Generation Firewall Modules