4 Replies Latest reply on Oct 29, 2012 9:08 AM by mtuma

    Looking for features in McAfee Firewall Enterprise S4016 v8.xx

    saif

      Hello Everyone,

       

      There is some functionality that I want to address in a firewall, but I am not sure if McAfee Firewall Enterprise S4016 v8.xx can handle it. I don't have as much experience with MFE as you do to address it in MFE. This is the functionality I am looking for:

       

      - Support load balancing between more than 2 internet links.

      - Policy-based routing.

      - Support multiple deployment types: Transparent Proxy, Reverse Proxy.

      - Support SSL offloading.

      - Cover OWASP Top Ten protection.

      - Handle more than 30k HTTP transaction rate.

       

      I want to use it as a Web Application Firewall to satisfy PCI DSS compliance, especially section 6.6. Please advise.

       

      PS: Kindly add the document/s that address the features for reference.

       

      Thank you in advance

        • 1. Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx
          saif

          I want to add that if there are workaround solutions for these features, please add them.

          • 2. Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx
            PhilM

            You may wish to move this into the Firewall Enterprise sub-forum as it will gain greater exposure and there are genuine McAfee support engineers (sleidl, mtuma & rdestics) who, as and when they can, answer queries on this product. If you can't move it yourself, you may wish to look at the help topics to see how you can engage with one of the site moderators and get them to do it for you.

             

            I haven't personally tried to use MFE as a pure web application firewall or as an explicit reverse proxy, but this is what I can offer you:-

             

            - Support load balancing between more than 2 internet links.

            It will support automatic link failover (but it is a manual process to change it back when the primary link returns), but not load balancing. This requires a 3rd party load balancing solution.


            - Policy-based routing.

            I'm afraid not. I would love to see protocol or policy-based routing added to this solution and when the McAfee product manager came over to the UK for the launch of v8 it was one of the first things I asked. But, sadly, it just doesn't seem to be that high on McAfee's list of priorities.


            - Support multiple deployment types: Transparent Proxy, Reverse Proxy.

            One of my colleagues has been able to install a system with some interfaces running in transparent mode and others in standard proxy mode, but I don't think that once you have configured a pair of interfaces in layer-2 bridge mode you can then send explicit traffic to them also (if that was what you were thinking). But with different interfaces running in standard mode it is eminently possible.


            - Support SSL offloading.

            I've just looked at the reseller price list and there appears to be a legacy hardware option for the older F-model appliances for a separate SSL hardware module, but nothing for the current range. Whether this is because McAfee consider the new hardware models to be up to the task, I don't know. If by "offloading" you mean to a different appliance, I can't see anything in the GUI which would suggest this is possible.

             

            As far as the other questions are concerned, you may be better off contacting the McAfee reseller local to you and, as McAfee accredited partners, they should be able to engage directly with McAfee on your behalf.

             

            Anyway, I hope this is of some use to you.

             

            -Phil.

            1 of 1 people found this helpful
            • 3. Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx
              saif

              Hello Phil,

               

              First, thank you for your help. Second, what I mean by SSL offloading is that the firewall decrypts SSL-encrypted traffic so that it is delivered without encryption to the server, so the server can save its resources.

               

              Thank you in advance.

              • 4. Re: Looking for features in McAfee Firewall Enterprise S4016 v8.xx

                Hello,

                 

                To answer your question about SSL decryption, yes, all models support this. Some have a chip to do the SSL decryption, some do it with software (relying on the CPUs).

                 

                These questions would best be referred to a salesperson though. They will be able to answer them and give you more details on the models and their functionality.

                 

                -Matt

                1 of 1 people found this helpful