McAfee, Inc. McAfee Firewall Enterprise 1100E, 2150E, And .

2y ago
12 Views
2 Downloads
1.52 MB
41 Pages
Last View : 23d ago
Last Download : 6m ago
Upload by : Arnav Humphrey
Transcription

McAfee, Inc.McAfee Firewall Enterprise 1100E, 2150E, and 4150EHardware Part Numbers: NSA-1100-FWEX-E, NSA-2150-FWEX-E, and NSA-4150-FWEX-EFirmware Version: 8.3.1FIPS 140-2 Non-Proprietary Security PolicyFIPS Security Level: 2Document Version: 0.9Prepared for:Prepared by:McAfee, Inc.2821 Mission College BoulevardSanta Clara, California 95054United States of AmericaCorsec Security, Inc.13135 Lee Jackson Memorial Highway, Suite 220Fairfax, Virginia 22033United States of AmericaPhone: 1 408 988 3832http://www.mcafee.comPhone: 1 703 267 6050http://www.corsec.com

Security Policy, Version 0.9April 11, 2014Table of Contents1INTRODUCTION . 41.1 PURPOSE . 41.2 REFERENCES . 41.3 DOCUMENT ORGANIZATION . 42MFE E-SERIES APPLIANCES . 52.1 OVERVIEW . 52.2 MODULE SPECIFICATION. 82.3 MODULE INTERFACES .102.4 ROLES, SERVICES, AND AUTHENTICATION .152.4.1 Authorized Roles . 152.4.2 Services . 152.4.3 Authentication Mechanisms . 182.5 PHYSICAL SECURITY .202.6 OPERATIONAL ENVIRONMENT.212.7 CRYPTOGRAPHIC KEY MANAGEMENT .212.8 SELF-TESTS .262.8.1 Power-Up Self-Tests . 262.8.2 Conditional Self-Tests . 262.8.3 Critical Functions Self-Test. 272.9 MITIGATION OF OTHER ATTACKS .273SECURE OPERATION . 283.1 CRYPTO-OFFICER GUIDANCE .283.1.1 Initialization . 293.1.2 Management . 353.1.3 Physical Inspection. 363.1.4 Monitoring Status . 363.1.5 Zeroization . 363.2 USER GUIDANCE .373.3 NON-APPROVED MODE OF OPERATION .374ACRONYMS . 38Table of FiguresFIGURE 1 – TYPICAL DEPLOYMENT SCENARIO .5FIGURE 2 – MCAFEE MFE 1100E .6FIGURE 3 – MCAFEE MFE 2150E .6FIGURE 4 – MCAFEE MFE 4150E .7FIGURE 5 – 1100E FRONT PANEL FEATURES AND INDICATORS. 10FIGURE 6 – 1100E BACK PANEL FEATURES AND INDICATORS . 11FIGURE 7 – 2150E FRONT PANEL FEATURES AND INDICATORS. 11FIGURE 8 – 2150E HARD DRIVE INDICATORS . 12FIGURE 9 – 2150E BACK PANEL FEATURES AND INDICATORS . 12FIGURE 10 – 4150E FRONT PANEL FEATURES AND INDICATORS . 13FIGURE 11 – 4150E HARD DRIVE INDICATORS . 13FIGURE 12 – 4150E BACK PANEL FEATURES AND INDICATORS. 14FIGURE 13 – 1100E TAMPER-EVIDENT SEAL APPLICATION POSITIONS (SEALS #1 AND 2) . 30FIGURE 14 – 2150E TAMPER-EVIDENT SEAL APPLICATION POSITION (SEAL #1) . 30FIGURE 15 – 2150E TAMPER-EVIDENT SEAL APPLICATION POSITION (SEAL #2) . 31FIGURE 16 – 4150E TAMPER-EVIDENT SEAL APPLICATION POSITION (SEAL #1) . 31McAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 2 of 41

Security Policy, Version 0.9April 11, 2014FIGURE 17 – 4150E TAMPER-EVIDENT SEAL APPLICATION POSITION (SEAL #2) . 32FIGURE 18 – 4150E TAMPER-EVIDENT SEAL APPLICATION POSITIONS (SEALS #3 AND #4). 32FIGURE 19 – RULES WINDOW . 34FIGURE 20 – ACTIVE RULES POPUP . 34FIGURE 21 – CONFIGURING FOR FIPS . 35List of TablesTABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION .8TABLE 2 – APPROVED/ALLOWED SECURITY FUNCTIONS.8TABLE 3 – FIPS 140-2 LOGICAL INTERFACE MAPPINGS . 14TABLE 4 – AUTHORIZED OPERATOR SERVICES . 15TABLE 5 – AUTHENTICATION MECHANISMS EMPLOYED BY THE MODULE . 19TABLE 6 – CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS. 22TABLE 7 – POWER-UP CRYPTOGRAPHIC ALGORITHM SELF-TESTS . 26TABLE 8 – POWER-UP CRYPTOGRAPHIC ALGORITHM SELF-TESTS . 26TABLE 9 – SUMMARY OF FIREWALL ENTERPRISE DOCUMENTATION . 28TABLE 10 – ACRONYMS . 38McAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 3 of 41

Security Policy, Version 0.91April 11, 2014Introduction1.1 PurposeThis is a non-proprietary Cryptographic Module Security Policy for the McAfee Firewall Enterprise 1100E,2150E, and 4150E from McAfee, Inc. This Security Policy describes how the McAfee Firewall Enterprise1100E, 2150E, and 4150E appliances (Hardware Part Numbers: NSA-1100-FWEX-E, NSA-2150-FWEXE, and NSA-4150-FWEX-E; Firmware Version: 8.3.1) meet the security requirements of FederalInformation Processing Standards (FIPS) Publication 140-2, which details the U.S. and CanadianGovernment requirements for cryptographic modules. More information about the FIPS 140-2 standardand validation program is available on the National Institute of Standards and Technology (NIST) and theCommunications Security Establishment Canada (CSEC) Cryptographic Module Validation Program(CMVP) website at http://csrc.nist.gov/groups/STM/cmvp.This document also describes how to run the module in its FIPS-Approved mode of operation. This policywas prepared as part of the Level 2 FIPS 140-2 validation of the module. The McAfee Firewall Enterprise1100E, 2150E, and 4150E appliances are referred to in this document collectively as the MFE E-Series, thecryptographic module, or the module.1.2 ReferencesThis document deals only with operations and capabilities of the module in the technical terms of a FIPS140-2 cryptographic module security policy. More information is available on the module from thefollowing sources: The McAfee corporate website (http://www.mcafee.com) contains information on the full line ofproducts from McAfee. The CMVP website 0-1/140val-all.htm)contains contact information for individuals to answer technical or sales-related questions for themodule.1.3 Document OrganizationThe Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to thisdocument, the Submission Package contains: Vendor Evidence documentFinite State Model documentValidation Submission Summary documentOther supporting documentation as additional referencesThis Security Policy and the other validation submission documentation were produced by Corsec Security,Inc. under contract to McAfee. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2Submission Package is proprietary to McAfee and is releasable only under appropriate non-disclosureagreements. For access to these documents, please contact McAfee.McAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 4 of 41

Security Policy, Version 0.92April 11, 2014MFE E-Series Appliances2.1 OverviewMcAfee, Inc. is a global leader in Enterprise Security solutions. The company’s comprehensive portfolioof network security products and solutions provides unmatched protection for the enterprise in the mostmission-critical and sensitive environments. The McAfee Firewall Enterprise 1100E, 2150E, and 4150Eappliance line was created to meet the specific needs of organizations of all types and enable thoseorganizations to reduce costs and mitigate the evolving risks that threaten today's networks andapplications.Consolidating all major perimeter security functions into one system, the McAfee Firewall Enterpriseappliances are the strongest self-defending perimeter firewalls in the world. Built with a comprehensivecombination of high-speed application proxies, reputation-based threat intelligence, and signature-basedsecurity services, Firewall Enterprise defends networks and Internet-facing applications from all types ofmalicious threats, both known and unknown.Figure 1 – Typical Deployment ScenarioFirewall Enterprise appliances are market-leading, next-generation firewalls that provide applicationvisibility and control even beyond Unified Threat Management (UTM) for multi-layer security – and thehighest network performance. Global visibility of dynamic threats is the centerpiece of Firewall Enterpriseand one of the key reasons for its superior ability to detect unknown threats along with the known. FirewallEnterprise appliances deliver the best-of-breed in security systems to block attacks, including: VirusesWormsTrojansIntrusion attemptsSpam and phishing tacticsCross-site scriptingStructured Query Language (SQL) injectionsDenial of service (DoS)Attacks hiding in encrypted protocolsMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 5 of 41

Security Policy, Version 0.9April 11, 2014Firewall Enterprise security features include: Full application filtering, web application filtering, and Network Address Translation (NAT) Authentication using local database, Active Directory, LDAP1, RADIUS2, Windows DomainAuthentication, and more High Availability (HA) Geo-location filtering Encrypted application filtering using TLS 3 and IPsec4 protocols Intrusion Prevention System Networking and Routing Management via Simple Network Management Protocol (SNMP) version 3 Per-connection auditing and policy enforcement of endpoints via DTLS5 protocolThe MFE 1100E is a 1U rack-mountable appliance. The MFE 2150E is a 2U rack-mountable appliance.The MFE 4150E is an enterprise-class 5U rack-mountable appliance. All of these appliances areappropriate for mid- to large-sized organizations. The appliances are shown in Figure 2, Figure 3, andFigure 4 below.Figure 2 – McAfee MFE 1100EFigure 3 – McAfee MFE 2150ELDAP – Lightweight Directory Access ProtocolRADIUS – Remote Authentication Dial-In User ServiceTLS – Transport Layer Security4IPsec – Internet Protocol Security5DTLS – Datagram Transport Layer SecurityMcAfee Firewall Enterprise 1100E, 2150E, and 4150E123 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 6 of 41

Security Policy, Version 0.9April 11, 2014Figure 4 – McAfee MFE 4150EThe MFE E-Series can be managed locally or remotely using one of the following management tools: Administration Console – The Administration Console (or Admin Console) is the graphicalsoftware that runs on a Windows computer within a connected network. Admin Console isMcAfee’s proprietary GUI management software tool, and needs to be installed on a Windowsbased workstation. This is the primary management tool. All Admin Console sessions areprotected over secure TLS channel. Command Line Interface (CLI) – A UNIX-based CLI is also available for configuring the firewalland performing troubleshooting functions. It can be used as an alternative to the Admin Consoleto perform most administration tasks. The CLI is accessed locally using a terminal or terminalemulator over the serial port or by a direct-connected keyboard and monitor. Remote access is viaSecure Shell (SSH) session. MFE SNMP Agent – The MFE E-Series can use the SNMP v3 protocol for remote management,and to provide information about the state and statistics as part of a Network Management System(NMS).Although SNMP v3 can support AES encryption, the protocol employs a non-Approved keygeneration method. However, the module’s SNMP Agent does not support “set” requests,preventing the modification of any critical security parameters (CSPs) through this interface.Additionally, because the module’s CSPs are not defined in the Firewall’s MIB 6, informationabout those CSPs is not made available to be transmitted or viewed over this interface. Thus, thisinterface provides management for non-FIPS-relevant information only, and offers no ability toalter or view CSPs. MFE Control Center – Control Center is an enterprise-class management appliance that enablesscalable centralized management and monitoring of the McAfee Firewall Enterprise solutions,allowing network administrators to centrally define firewall policy, deploy updates, inventory theirfirewall products, generate reports, and demonstrate regulatory compliance. Control Center isdesigned to run on an administrator’s workstation, and allows network administrators to fullymange their firewall solutions from the network edge to the core. Management communicationsbetween the MFE and Control Center are secured over a TLS session.6MIB – Management Information BaseMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 7 of 41

Security Policy, Version 0.9April 11, 2014For more information regarding Control Center, please refer to McAfee’s Control Center productdocumentation.The MFE E-Series is validated at the FIPS 140-2 Section levels shown in Table 1.Table 1 – Security Level Per FIPS 140-2 SectionSectionSection TitleLevel1Cryptographic Module Specification22Cryptographic Module Ports and Interfaces23Roles, Services, and Authentication24Finite State Model25Physical Security26Operational Environment7Cryptographic Key Management28EMI/EMC729Self-tests210Design Assurance211Mitigation of Other AttacksN/AN/A2.2 Module SpecificationThe MFE E-Series is a multi-chip standalone hardware module that meets overall Level 2 FIPS 140-2requirements. The cryptographic boundary of the MFE E-Series is defined by the hard metal chassis,which surrounds all the hardware and firmware components.The module implements three firmware cryptographic libraries to offer secure networking protocols andcryptographic functionalities. The firmware libraries for the module are: McAfee Firewall Enterprise 32-bit Cryptographic Engine v8.3McAfee Firewall Enterprise 64-bit Cryptographic Engine v8.3Kernel Cryptographic Library for SecureOS (KCLSOS) v8.2Security functions offered by the libraries in the module’s Approved mode of operation (and theirassociated algorithm implementation certificate numbers) are listed in Table 2.Table 2 – Approved/Allowed Security FunctionsApproved Security Function32-Bit64-BitKCLSOS23032305---1833Symmetric KeyAdvanced Encryption Standard (AES) 128/192/256-bit inCBC8, ECB9, OFB10, CFB12811 modesAES 128/192/256-bit in CBC, ECB modesEMI/EMC – Electromagnetic Interference / Electromagnetic CompatibilityCBC – Cipher-Block ChainingECB – Electronic Codebook10OFB – Output Feedback11CFB128 – 128-bit Cipher FeedbackMcAfee Firewall Enterprise 1100E, 2150E, and 4150E789 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 8 of 41

Security Policy, Version 0.9Approved Security FunctionApril 11, 201432-Bit64-BitKCLSOS14511453---1185RSA12 ANSI13 X9.31 key generation: 2048/3072-bit11871189-RSA PKCS #1 signature generation: 2048/3072-bit11871189-RSA PKCS #1 signature Digital Signature Algorithm (DSA) signature verification: on-approved,but allowedNon-approved,but allowed-Non-approved,but allowedNon-approved,but allowed-Triple Data Encryption Standard (DES) 2-key and 3-keyoptions in CBC, ECB, OFB, CFB64 modesTriple DES 2-key and 3-key options in CBC modeAsymmetric KeySecure Hash StandardSHA14-1, SHA-256, SHA-384, and SHA-512Message AuthenticationHMAC15 using SHA-1, SHA-256, SHA-384, and SHA-512Random Number Generation (RNG)ANSI X9.31 Appendix A.2.4 PRNGKey Agreement Schemes (KAS)Diffie-Hellman (DH): 2048-bit16Key Transport SchemesRSA encrypt/decrypt17 2048/3072-bitNOTE: As of December 31, 2010, the following algorithms listed in the table above are considered “restricted” or “legacy-use”.For details regarding algorithm deprecation, please refer to NIST Special Publication 800-131A. Two-key Triple DES18 1024-bit DSA digital signature verification 1024/1536-bit RSA digital signature verificationThe module also includes the following non-compliant algorithms: 1024/1536/4096-bit RSA PKCS #1 signature generation1024/1536/4096-bit RSA ANSI X9.31 key generation1024-bit Diffie-Hellman1024/1536/4096-bit RSA encrypt/decrypt12RSA – Rivest, Shamir, and AdlemanANSI – American National Standards Institute14SHA – Secure Hash Algorithm15HMAC – (Keyed-) Hash Message Authentication Code16Caveat: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliantless than 112 bits of encryption strength)17Caveat: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant lessthan 112 bits of encryption strength)18Caveat: To use the two-key Triple DES algorithm to encrypt data (or wrap keys) in an Approved mode of operation, the moduleoperator shall ensure that the same two-key Triple DES key is not used for encrypting data (or wrapping keys) with more than 2 20plaintext data (or plaintext keys).McAfee Firewall Enterprise 1100E, 2150E, and 4150EPage 9 of 4113 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.

Security Policy, Version 0.9April 11, 2014Additionally, the module employs a hardware RNG which acts as an entropy-gathering mechanism toprovide seeding material for KCLSOS PRNG.2.3 Module InterfacesInterfaces on the module can be categorized as the following FIPS 140-2 logical interfaces: Data Input InterfaceData Output InterfaceControl Input interfaceStatus Output InterfacePower InterfaceThe physical ports and interfaces for the various models are shown below. Note the following acronymsused in the figures below: LCD – Liquid Crystal Display NIC – Network Interface Card NMI – Non-Maskable Interrupt PCI - Peripheral Component Interconnect USB – Universal Serial BusThe physical ports and interfaces for the MFE 1100E are depicted in Figure 5 and Figure 6 below.Figure 5 – 1100E Front Panel Features and IndicatorsMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 10 of 41

Security Policy, Version 0.9April 11, 2014Figure 6 – 1100E Back Panel Features and IndicatorsThe physical ports and interfaces for the MFE 2150E are depicted in Figure 7, Figure 8, and Figure 9 belowFigure 7 – 2150E Front Panel Features and IndicatorsMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 11 of 41

Security Policy, Version 0.9April 11, 2014Figure 8 – 2150E Hard Drive IndicatorsFigure 9 – 2150E Back Panel Features and IndicatorsThe physical ports and interfaces for the MFE 4150E are depicted in Figure 10, Figure 11, and Figure 12below.McAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 12 of 41

Security Policy, Version 0.9April 11, 2014Figure 10 – 4150E Front Panel Features and IndicatorsFigure 11 – 4150E Hard Drive IndicatorsMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 13 of 41

Security Policy, Version 0.9April 11, 2014Figure 12 – 4150E Back Panel Features and IndicatorsAll of these physical interfaces map to logical interfaces (as defined by FIPS 140-2) as described in Table3.Table 3 – FIPS 140-2 Logical Interface MappingsFIPS 140-2 LogicalInterfaceModule InterfaceData InputConnectors (network)Data OutputConnectors (network)Control InputButtons (NMI, power, LCD panel, system identification)and connectors (network, USB, serial)Status OutputConnectors (video, network, serial), and LED indicators(power-on, drive activity, drive status, system status)PowerConnectors (power)A lockable metal bezel is mounted to each front of each appliance (see Figure 2, Figure 3, and Figure 4).The lock is used to prevent unauthorized access to system peripherals, hard drives, and the control panel.Of the available front panel features and indicators (see Figure 5, Figure 7, and Figure 10), only the LCDpanel and hard drive LEDs are accessible when the bezel is installed.McAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 14 of 41

Security Policy, Version 0.9April 11, 20142.4 Roles, Services, and AuthenticationThe following sections described the authorized roles supported by the module, the services provided forthose roles, and the authentication mechanisms employed.2.4.1 Authorized RolesThere are two authorized roles in the module that an operator may assume: a Crypto-Officer (CO) role anda User role. Crypto-Officer – The Crypto-Officer role performs administrative services on the module, such asinitialization, configuration, and monitoring of the module. User – Users employ the services of the module for establishing VPN19 connections or TLSconnections thru an IPsec tunnel via Ethernet port.2.4.2 ServicesThe services that require operators to assume an authorized role (Crypto-Officer or User) are listed in Table4 below. Please note that the keys and Critical Security Parameters (CSPs) listed in Table 4 use thefollowing indicators to show the type of access required: R (Read): The CSP is readW (Write): The CSP is established, generated, modified, or zeroizedX (Execute): The CSP is used within an Approved or Allowed security function or authenticationmechanismTable 4 – Authorized Operator ServicesServiceDescriptionAuthenticate to the Allows administrators toAdmin Consolelogin to the applianceusing the FirewallEnterprise AdminConsoleAuthenticate to theAdmin Consoleusing CommonAccess Card (CAC)Allows administrators tologin to the appliancewith CAC authenticationto access the FirewallEnterprise AdminConsoleAuthenticate to the Allows administrators toAdmin CLIlogin to the applianceusing the FirewallEnterprise Admin CLIAuthenticate to the Allows administrators toAdmin CLI usinglogin to the applianceCACwith CAC authenticationto access the FirewallEnterprise Admin CLIRoleCOUserCSP and Type of AccessAdministrator Password - RxCommon Access Card Authentication key - RxAdministrator Password - RxCommon Access Card Authentication key - Rx19VPN – Virtual Private NetworkMcAfee Firewall Enterprise 1100E, 2150E, and 4150E 2014 McAfee, Inc.This document may be freely reproduced and distributed whole and intact including this copyright notice.Page 15 of 41

Security Policy, Version 0.9ServiceApril 11, 2014DescriptionAuthenticate to the Allows administrators tolocal consolelogin to the appliance viathe local consoleChange passwordManage networkobjectsAllows external users touse a browser to changetheir Firewall Enterprise,SafeWordPremierAccess, or LDAPlogin passwordAllows administrators toview, create, andmaintain networkobjects, managenetgroup memberships,and manage accesscontrol rules’ timeperiodsConfigure identityvalidation methodAllows administrators toselect identity validationsettingsConfigure clustercommunicationProvides servicesrequired to communicatewith each other inFirewall Enterprise multiappliance configurationsConfigure andmonitor VirtualPrivate Network(VPN) servicesGenerates and exchangeskeys for VPN sessionsCreate andconfigure bypassmodeCreates and monitorsIPsec policy table thatgoverns alternatingbypass modeManage web filterManages configurationwith the SmartFilterRoleCOAdministrator Password - RxFirewall Authentication Keys - RKey Agreemen

McAfee Firewall Enterprise 1100E, 2150E, and 4150E Page 4 of 41 . Administration Console – The Administration Console (or Admin Console) is the graphical software that runs on a Windows computer within a connected network. Admin Console is McAfee’s proprietary GUI management s

Related Documents:

McAfee Firewall Enterprise Control Center Release Notes, version 5.3.1 McAfee Firewall Enterprise Control Center Product Guide, version 5.3.1 McAfee Firewall Enterprise McAfee Firewall Enterprise on CloudShield Installation Guide, version 8.3.0 McAfee Network Integrity Agent Product Guide, version 1.0.0.0

the McAfee Firewall Admin Console client software, the hardware or virtual platform for running the firewall software. Configuration B. comprises: the McAfee Firewall Enterprise software, including its SecureOS operating system, the McAfee Firewal

McAfee Management of Native Encryption (MNE) 4.1.1 McAfee Policy Auditor 6.2.2 McAfee Risk Advisor 2.7.2 McAfee Rogue System Detection (RSD) 5.0.4 and 5.0.5 McAfee SiteAdvisor Enterprise 3.5.5 McAfee Virtual Technician 8.1.0 McAfee VirusScan Enterprise 8.8 Patch 8 and Patch 9 McA

McAfee, Inc. McAfee Firewall Enterprise 4150E Hardware Part Number: NSA-4150-FWEX-E Firmware Versions: 7.0.1.03 and 8.2.0 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 2 Document Version: 0.6 Prepared for: Prepared by: McAfee, Inc. Corsec Security, Inc. 282

McAfee Firewall Enterprise Admin Console provides quick access and complete control over your firewalls. Data Sheet McAfee Firewall Management McAfee Firewall Enterprise Control Center Advantages Quickly search fo

7.X and later, and McAfee Firewall Enterprise 7.x and later. Audience McAfee Firewall Enterprise users, who wish to forward syslog events to EventTracker Manager. The information contained in this document represents the current view of Prism Microsystems Inc. on the issu

McAfee Firewall Enterprise 1100F, 2150F, and 4150F Page 4 of 47 . Admin Console is McAfee’s proprietary GUI management software tool that needs to be installed on a Windows-based workstation. This is the primary management tool. All Admin Console

On Getting What You Want: Our Method of Manifestation This point cannot be overemphasized. You need to see that the way it is now is the way you have chosen it to be on some level.