cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 5

Looking for features in McAfee Firewall Enterprise S4016 v8.xx

Hello Everyone,

There is some functionality that I want to address in a firewall but I am not sure if McAfee firewall Enterprise S4016 v8.xx can handle them .I don't have enough experience in MFE as you do to address them in MFE ,these are the functionality I am looking for :

- Support load balancing between more than 2 internet links .

- Policy based routing .

- Support multi deployment type : Transparent Proxy ,Reverse Proxy .

- Support SSL offloading .

- Cover OWASP top-ten Protection .

- Handel more than 30k of http transaction rate .

I want to use it as Web Application Firewall to satisfy PCI DSS compliance ,especially session 6.6 .Please advise .

PS: Kindly add the document/s that address the features for referencing .

Thank you in advance

4 Replies
Highlighted
Level 7
Report Inappropriate Content
Message 2 of 5

Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx

I want to add ,that if there are a work around solution for these features please add them .

Highlighted
Level 14
Report Inappropriate Content
Message 3 of 5

Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx

You may wish to move this into the Firewall Enterprise sub-forum as it will gain greater exposure and there are a genuine McAfee support engineers (sleidl, mtuma & rdestics) who, as and when they can, answer queries on this product. If you can't move it yourself, you may wish to look at the help topics to see how you can engage with one of the site moderators and get them to do it for you.

I haven't personally tried to use MFE as a pure web application firewall or as an explicit reverse proxy, but this is what I can offer you:-

- Support load balancing between more than 2 internet links .

It will support automatic link failover (but it is a manual process to change it back when the primary link returns), but not load balancing. This requires a 3rd party load balancing solution.


- Policy based routing .

I'm afraid not. I would love to see protocol or policy-based routing added to this solution and when the McAfee product manager came over to the UK for the launch of v8 it was one of the first things I asked. But, sadly, it just doesn't seem to be that high on McAfee's list of priorities.


- Support multi deployment type : Transparent Proxy ,Reverse Proxy .

One of my colleagues has been able to install a system with some interfaces running in transparent mode and others in standard proxy mode, but I don't think that once you have configured a pair of interfaces in layer-2 bridge mode you can then send explicit traffic to them also (if that was what you were thinking). But with different interfaces running in standard mode it is eminently possible.


- Support SSL offloading .

I've just looked at the reseller price list and there appears to be a legacy hardware option for the older F-model appliances for a separate SSL hardware module, but nothing for the current range. Whether this is because McAfee consider the new hardware models to be up to the task, I don't know. If by "offloading" you mean to a different appliance, I can't see anything in the GUI which would suggest this is possible.

As far as the other questions are concerned you may be better off contacting the McAfee reseller local to you and, as McAfee acredited partners, they should be able to engage directly with McAfee on your behalf.

Anyway, I hope this is of some use to you.

-Phil.

Highlighted
Level 7
Report Inappropriate Content
Message 4 of 5

Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx

Hello Phil,

First,Thank you for help .Second,I mean by SSL offloading is that the firewall decrypt SSL encrypted traffic so it deliver without  encryption to the server so the server can save its resources.

Thank you in advance .

Highlighted
Level 13
Report Inappropriate Content
Message 5 of 5

Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx

Hello,

To answer your question about SSL decryption, yes, all models support this. Some have a chip to do the SSL decryption, some do it with software (relying on the CPUs).

These questions would best be referred to a salesperson though. They will be able to answer them and give you more details on the models and their functionality.

-Matt

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community