Product Guide
Page 3
... the Response port 20 Cable the Management port 20 Cable Monitoring ports 21 How to use peer ports 21 Default Monitoring port speed settings 21 Cable types for routers, switches, hubs, and PCs 22 Cable the Sensor to monitor in in-line mode 22 Cable the Sensor to monitor in SPAN or hub mode 23 About connecting Sensors for fail-over 23 Cable M-1250/M-1450 Sensor for failover 23 A M-1250/M-1450 Sensor specifications 25 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 3
Product Guide
Page 8
... mutual authentication between the Sensor and the Manager server uses secure channels; these ports operate in-line. The monitoring ports for secure communication with the Manager server. You assign an IP address to this Ethernet port during installation. 2 One Response port, which, when you are 1A/1B, 2A/2B, 3A/3B and 4A/4B. 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide When the Sensor operates in the tap mode. 3 One RS-232C Console port, which...
Product Guide
Page 9
... you must reboot the Sensor using the external compact flash. Response Port Link Green The link is used in the Gigabit Optical Fail-Open Bypass Kit Guide. Flash Green Activity on the front side of the Sensor. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 9 This port is connected. Front panel LEDs on M-1250/M-1450 Sensor The front panel LEDs provide status information for two purposes. McAfee provides a standard, 2m NEMA 5-15P (US) power cable (3 wire...
Product Guide
Page 12
... to be required to telephone-network voltage (TNV) circuits. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with specific V/A ratings. • One set of rack mounting ears. • One printed Quick Start Guide. • Release Notes. International customers are provided a country-appropriate power cable with the instruction manual, may cause harmful interference to...
Product Guide
Page 17
... all necessary network connections, and connected the power cable to the power supply. If you are installing a redundant power supply, you plug each supply into a different power circuit. Task 1 Connect the power cable to the Sensor power supply. 2 Connect the power cable to a power source. The Sensor has no power switch. Power off the Sensor McAfee recommends that you should install it down. For more information on as soon as described in Installing a power supply. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 17
Product Guide
Page 19
... 8 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 19 Contents Cable the Console port Cable the Auxiliary port Connect the cable to the Response port Cable the Management port Cable Monitoring ports Cable the Sensor to monitor in in-line mode Cable the Sensor to monitor in this guide, cabling specifications is mentioned as Console on the Sensor front panel. 2 Connect the other end of the Console port cable directly to a COM port of the PC or terminal server you will use to configure...
Product Guide
Page 20
... Sensor. This port is labeled as a hub, switch, or a router, through the tap but uses the Response port. 4 Attaching cables to the Sensor Cable the Auxiliary port Name Parity Stop bits Flow Control 3 Power on the Sensor front panel. 2 Connect a modem to the Aux port. 3 Connect a telephone line to the modem. Required settings for communication with the Manager server. 20 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide Task 1 Plug a Cat-5e Ethernet cable into the...
Product Guide
Page 21
... Cable Monitoring ports 4 Task 1 Plug a Cat-5e Ethernet cable into the Management port. McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide 21 Figure 4-1 Monitoring ports of the cable to the network device, such as a hub, a switch, or a router that the switch/router ports connected to work together as Mgmt on the front panel of the Sensor. 2 Connect the other end of an M-1450 Default Monitoring port speed settings Make sure that in pairs to the network devices you will be used...
Product Guide
Page 22
... Cable types for in-line mode Table 4-1 Default Monitoring port speed settings Monitoring Ports Operating Mode Speed/Duplex Setting 10/100/1000 ports SPAN Auto-negotiation is ON; Speed and Duplex are configured. To avoid extended network downtime, you should also use peer ports on page 21 22 McAfee® Network Security Platform M-1250/M-1450 Sensor Product Guide The Sensor 10/100/1000 ports support Auto-MDIX. In case the Sensor fails, the Sensor's internal 10/100/1000 ports fail-open...
Quick Start Guide
Page 4
... cable to the network devices that you want to monitor. (For example, if you need to only plug the power cable into the peer of the port used in In-Line mode. Following steps briefly explain the Manager installation: a Prepare the system according to the requirements outlined in other operating modes, see McAfee Network Security Platform M-1250/-1450 Sensor Product Guide 4 Install the Manager Software For detailed instructions, refer to McAfee Network Security Platform Installation Guide. c Go to McAfee Update Server and log on your target Windows server...
IPS Configuration Guide
Page 71
... (HTTP, SMTP, DNS), applications (email, FTP, web), and operating systems (Windows, Solaris, Linux). Distributed Denial of Service (DDoS) are explicitly forbidden by the rule set and policy. • Owner: admin domain in a number of the administrative domain. Note: All provided policies, except for Reconnaissance category. 63 Pre-configured rule sets and policies McAfee provides many pre-configured rule sets and policies for example, a port scan or probe...
IPS Configuration Guide
Page 128
... system default message, select Reset to System default. 8 Click Apply, and save the settings. 9 After you get the option to create a customized message instead of system default. Manager provides a built-in IPS Quarantine browser message, which can be customized as per your requirements. 120 McAfee® Network Security Platform 5.1 Managing IPS settings 5 Enter the Syslog Server UDP Port. 6 Select the Facility to Use and Priority to Use. 7 The...
IPS Configuration Guide
Page 168
... to configure Network Security Platform to inspect HTTP responses for exploits on your internal network [for example, a Web server]. If necessary, you can create a new Alert Filter and apply it in only the required directions to IPS Settings > Policies > HTTP Response Scanning or IPS Settings > Sensor_Name > IPS Sensor / IPS Failover Pair > HTTP Response Scanning page. 160 Steps: 1 Go to achieve your network sends a connect request and the Web Server...
IPS Configuration Guide
Page 216
... Network Security Sensor will receive the MAC address of the device as Network Security Sensor quarantine details of the attack. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node Deleting SSL key files from Manager To delete escrowed SSL key files from Manager, do the following: 1 Click Sensor_Name > SSL Decryption > Key Management. 2 Select the radio button in the Excluded MAC address list so that are not quarantined by clicking the check box adjacent to the Port...
Upgrade Guide
Page 3
... Reviewing the upgrade requirements 31 Minimum required Manager version 31 Manager system requirements 31 Manager license file requirement 32 Preparing for the upgrade 32 Reviewing the Upgrade Considerations 33 Backing up Network Security Platform data 35 MDR Manager upgrade 36 Manager and OS upgrade 37 Approach 2: Using a new hardware 38 Stand-alone Manager upgrade 39 Running additional scripts 40 5 Performing Signature Set and Sensor Software upgrade 43 Difference between an update and an upgrade 43 McAfee® Network Security Platform 6.1 Upgrade Guide...
Upgrade Guide
Page 7
... You would need to complete in your McAfee® Network Security Platform setup [formerly McAfee® ® IntruShield Network Intrusion Prevention System] from an earlier 6.0 version to 6.0 is not supported. McAfee® Network Security Platform 6.1 Upgrade Guide 7 The upgrade involves the following documents during the upgrade process: • Manager Installation Guide • Manager Server Configuration Guide • Troubleshooting Guide • Custom Attack Definitions Guide • IPS Configuration Guide • System Status Monitoring Guide •...
Upgrade Guide
Page 28
... current Network Security Platform infrastructure meets all third-party applications. Make sure you are following the steps in standby mode. 4 Stop the secondary Central Manager. 5 Using the Switchback command, make the secondary Central Manager active. 2 Upgrade the primary to standby mode before you proceed. See Downloading the Manager/Central Manager executable, Installation Guide. • You have the required 6.0 Central Manager installable file at hand. See Upgrading the Signature Set for the Central Manager on...
Upgrade Guide
Page 37
... time. Approach 1: Continuing with your current hardware for 6.0. The high-level steps involved in this approach are based on how to upgrade the OS, refer to Microsoft's documentation. If you can take around an hour. If not done already, upgrade the signature set and the Sensor software. See Performing Signature Set and Sensor Software Upgrade. Upgrading the Manager Manager and OS upgrade 4 Task 1 Using the Switch Over command, make...
Upgrade Guide
Page 39
... server and stop any 5.1 saved report files and alert archives from the McAfee Update Server. The alert archives are saved at hand. See Downloading the Manager/Central Manager executable, Installation Guide. • You have backed up Network Security Platform data. • You have the 6.0 Manager installable file at \REPORTS folder. Upgrading the Manager Stand-alone Manager upgrade 4 Stand-alone Manager upgrade Before you upgrade the Manager to 6.0, make sure of the following the steps in MDR Manager upgrade...
Upgrade Guide
Page 46
... Reviewing the upgrade considerations on page 48 Sensor Software and Signature Set Upgrade using Manager 6.0 Task 1 If you do an upgrade using TFTP [vs. The Sensor updates its Sensor software image, and saves the bundled signature set are deployed inline in Step 4. 46 McAfee® Network Security Platform 6.1 Upgrade Guide when upgraded using the Manager interface for a major upgrade (for example, from 5.1 to download the signature set from the Manager, the Sensor cannot process traffic and raise alerts. On reboot...