McAfee FWE-C3000-UPG FWEC3000UPGP 데이터 시트
제품 코드
FWEC3000UPGP
See the “Who” On Your Network
McAfee firewalls leverage
McAfee Logon Collector which
simplifies discovery, logon, and
authentication processes across
all McAfee firewall management
tools as well as McAfee Data Loss
Prevention. This non-invasive
process maps IP addresses to
users for all types of traffic
to enable user-based policies
without requiring the user to
authenticate to the firewall or
use a protocol that supports
authentication.
McAfee Logon Collector which
simplifies discovery, logon, and
authentication processes across
all McAfee firewall management
tools as well as McAfee Data Loss
Prevention. This non-invasive
process maps IP addresses to
users for all types of traffic
to enable user-based policies
without requiring the user to
authenticate to the firewall or
use a protocol that supports
authentication.
•
Quickly discover who is using
which application and check
authentication status.
which application and check
authentication status.
•
Enforce user-based access
control policies without a
separate authentication step.
control policies without a
separate authentication step.
•
Leverage users and groups in
your Microsoft Active Directory.
your Microsoft Active Directory.
•
Enforce additional active
authentication for users not
logged in to the domain.
authentication for users not
logged in to the domain.
•
Authenticate using captive
portal, NTLM, Radius, LDAP,
and Active Directory.
and Active Directory.
Cost-Effectively Manage Multiple
Entities or Organizations
Entities or Organizations
McAfee Firewall Enterprise
Control Center helps managed
service providers and
organizations with multitenant
management or reporting
requirements administer the
Control Center helps managed
service providers and
organizations with multitenant
management or reporting
requirements administer the
firewalls of multiple customers
or separate entities.
•
Create “domains” or “zones”
that act as separate McAfee
Firewall Enterprise Control
Center instances—administrators
only see the firewall and policies
for their particular customer
or entity.
that act as separate McAfee
Firewall Enterprise Control
Center instances—administrators
only see the firewall and policies
for their particular customer
or entity.
•
Separate configurations for
several enterprises and hide
information about an enterprise
several enterprises and hide
information about an enterprise
from administrators of other
enterprises.
•
Keep configuration simple
and save time and effort with
common rule objects; cross-
enterprise policy objects can
still be shared or reused by
all domains.
and save time and effort with
common rule objects; cross-
enterprise policy objects can
still be shared or reused by
all domains.
•
Role-based access control helps
enforce change-control policies.
enforce change-control policies.
Search filters let you selectively view the rules for
a particular firewall, firewall group, or the entire
organization, and then easily modify those rules.
Once defined, you can distribute rules to hundreds
of firewalls, sharing them across logical enterprise
groups, such as global, group, cluster, or local
domains, or configuration domains, such as those
offered by managed-service providers.
organization, and then easily modify those rules.
Once defined, you can distribute rules to hundreds
of firewalls, sharing them across logical enterprise
groups, such as global, group, cluster, or local
domains, or configuration domains, such as those
offered by managed-service providers.
Optimized policies deliver better firewall
performance and better security
performance and better security
Over time, rule sets tend to grow, overlap, and
become ineffective, making it easier to make
mistakes. To reduce the number of rules, our tools
automate clean up. Wizards help you scan for,
become ineffective, making it easier to make
mistakes. To reduce the number of rules, our tools
automate clean up. Wizards help you scan for,
identify, and merge similar rules (a common set of
parameters) and delete duplicate or unused rules
parameters) and delete duplicate or unused rules
to keep rule sets manageable.
For example, multiple administrators might create
separate objects that have different names, but
perform the same function. The “merge objects”
command will look for this situation and clean it
up with a single common object. Fewer rules to
consider equals better performance.
separate objects that have different names, but
perform the same function. The “merge objects”
command will look for this situation and clean it
up with a single common object. Fewer rules to
consider equals better performance.
Adaptive objects allow rule grouping
and reuse
Administrators implement policies by defining
intelligent objects once, and then reusing them
whenever and wherever they make sense. With
object grouping, you can do much more with a
single rule and consolidate rule sets.
whenever and wherever they make sense. With
object grouping, you can do much more with a
single rule and consolidate rule sets.
McAfee Firewall Enterprise Control Center
supports many types of objects, including firewalls
and firewall groups, hosts, networks, address
ranges, applications, endpoint groups, and
services, including geo-location objects.
supports many types of objects, including firewalls
and firewall groups, hosts, networks, address
ranges, applications, endpoint groups, and
services, including geo-location objects.
McAfee Firewall Enterprise Control Center also
gives you visibility into rule usage. You can identify
the most used rules, least used rules, and rules
that have not been matched by firewall traffic in
the last 30 days. This real-world data lets you:
gives you visibility into rule usage. You can identify
the most used rules, least used rules, and rules
that have not been matched by firewall traffic in
the last 30 days. This real-world data lets you:
•
Move most-used rules to the top of the rule list
so traffic can be processed quickly.
so traffic can be processed quickly.
•
Investigate least-used rules to see if they are
working as intended.
working as intended.
•
Delete or disable unused rules that must be
justified during audits.
justified during audits.
You can even compare policy configurations on all
of your McAfee Firewall Enterprise Control Center-
managed devices to ensure consistency across
your network. Robust configuration management
managed devices to ensure consistency across
your network. Robust configuration management
lets you centrally track, trace, and validate all
policy changes.
policy changes.
Manage and monitor firewall software
For efficient and consistent updates, McAfee
Firewall Enterprise Control Center can
automatically detect when new releases and
Firewall Enterprise Control Center can
automatically detect when new releases and
firmware are available on the McAfee site. Simply
download the files you need and store them
on McAfee Firewall Enterprise Control Center’s
Management Server for manual or automated
installation. When you are ready to install, you
can push new releases to one system or to
hundreds simultaneously.
on McAfee Firewall Enterprise Control Center’s
Management Server for manual or automated
installation. When you are ready to install, you
can push new releases to one system or to
hundreds simultaneously.
McAfee Firewall Enterprise Control Center
displays the installation history for all managed
firewalls along with the progress of the current
deployment. If needed, you can restore a trusted
device configuration in seconds with a few clicks
of the mouse.
displays the installation history for all managed
firewalls along with the progress of the current
deployment. If needed, you can restore a trusted
device configuration in seconds with a few clicks
of the mouse.
Complete access control with role-based
administration and configuration domains
administration and configuration domains
Some configuration changes are routine, while
others are far-reaching. Role-based access allows
you to exert centralized, consistent, policy-based
control over distributed teams, determining which
management functions can be viewed or changed
based on each person’s responsibilities. Role-
based access can also ensure that only approved
users create or validate rules, reducing the risk of
unauthorized changes or rule conflicts breaking
you to exert centralized, consistent, policy-based
control over distributed teams, determining which
management functions can be viewed or changed
based on each person’s responsibilities. Role-
based access can also ensure that only approved
users create or validate rules, reducing the risk of
unauthorized changes or rule conflicts breaking
the firewall. Customers subject to Payment
Card Industry Data Security Standard (PCI DSS)
Card Industry Data Security Standard (PCI DSS)
often employ role-based access to enforce
change controls.
change controls.
You can create any number of roles to address
each organization’s needs and privileges, associate
rules with roles (to limit modifications), and
establish priority protections for rules. Different
roles could be defined to:
rules with roles (to limit modifications), and
establish priority protections for rules. Different
roles could be defined to:
•
Change only domain name system (DNS) entries.
•
View event or audit logs.
•
Create rules associated with a specific network
service or protected server.
service or protected server.
You might dictate that certain rules must always
be at the top of the policy list and moved only
by certain privileged users. Roles, like the rules
you build, link to users and groups in LDAP and
by certain privileged users. Roles, like the rules
you build, link to users and groups in LDAP and
Active Directory so the system can auto-create
or auto-deactivate users as they connect to
McAfee Firewall Enterprise Control Center for the
McAfee Firewall Enterprise Control Center for the
first time.