Deployment Guide
Page 12
...and maintain your Network Security Platform configuration. You use these address parameters are monitoring. For more information on . While actively monitoring network traffic, your team and to attacks, and otherwise shore up and running and reviewing the data generated...transmissions, or send address-blocking for effective network security. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by excluding certain Source and Destination IP address parameters. Network Security Platform provides two tools for examining and viewing ...
...and maintain your Network Security Platform configuration. You use these address parameters are monitoring. For more information on . While actively monitoring network traffic, your team and to attacks, and otherwise shore up and running and reviewing the data generated...transmissions, or send address-blocking for effective network security. McAfee® Network Security Platform 6.0 Getting Started Viewing and working with data generated by excluding certain Source and Destination IP address parameters. Network Security Platform provides two tools for examining and viewing ...
IPS Configuration Guide
Page 44
... "Configure Attack Detail for configuration: these areas become available once you want applied to Step 6. Select Sensor responses (Sensor Actions). A review page displays your customizations. 36 If there are unavailable for Attack Category: " table remain enabled. Go to the next step. 6 ...page 19) for notification descriptions. 11 Click OK at the bottom of the following: Click the Enable Alert check box. McAfee® Network Security Platform 5.1 Managing IPS settings 4 (Optional) Select the Severity for all attacks. 10 In the Notifications region, select the checkbox ...
... "Configure Attack Detail for configuration: these areas become available once you want applied to Step 6. Select Sensor responses (Sensor Actions). A review page displays your customizations. 36 If there are unavailable for Attack Category: " table remain enabled. Go to the next step. 6 ...page 19) for notification descriptions. 11 Click OK at the bottom of the following: Click the Enable Alert check box. McAfee® Network Security Platform 5.1 Managing IPS settings 4 (Optional) Select the Severity for all attacks. 10 In the Notifications region, select the checkbox ...
IPS Configuration Guide
Page 45
Review Page Click Cancel to exit Bulk Editing without changes. 12 Click OK to confirm and save up to 30 versions of the policy. Creating versions ... created, do the following : 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select the policy for Attack Category window. To create a new version of time. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 36: Bulk Edit - Deleting an IPS policy To delete a policy you create a new policy, the Manager saves the policy as the...
Review Page Click Cancel to exit Bulk Editing without changes. 12 Click OK to confirm and save up to 30 versions of the policy. Creating versions ... created, do the following : 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select the policy for Attack Category window. To create a new version of time. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 36: Bulk Edit - Deleting an IPS policy To delete a policy you create a new policy, the Manager saves the policy as the...
IPS Configuration Guide
Page 46
...any two revisions to delete a current policy version, the Manager displays the message, "The selected revision cannot be deleted. After reviewing, you need to protect against, the types of a policy. Using this editor, you can opt for Reconnaissance policy management. ... select the reconnaissance attacks you want to block 38 When you can also view the details under > Log > User Activity Audit. McAfee® Network Security Platform 5.1 Managing IPS settings 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select a policy. 3 Click Version Control. Note...
...any two revisions to delete a current policy version, the Manager displays the message, "The selected revision cannot be deleted. After reviewing, you need to protect against, the types of a policy. Using this editor, you can opt for Reconnaissance policy management. ... select the reconnaissance attacks you want to block 38 When you can also view the details under > Log > User Activity Audit. McAfee® Network Security Platform 5.1 Managing IPS settings 1 Select IPS Settings > Policies > IPS Policy Editor. 2 Select a policy. 3 Click Version Control. Note...
IPS Configuration Guide
Page 122
...ACLs are enabled at the top right corner of the exclusion list that the host is part of the Configure Attack Detail page. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 122: Configure Attack Detail page 7 Select the drop-down list. These ACLs monitor traffic from the...ACLs and traditional ACLs IPS quarantine ACLs are eligible for IPS Quarantine, select Attacks Eligible for a detected attack. Review the following to the IPS Quarantine Network Access Zone (NAZ). Thus if the alert filter sorts the alert, the IPS quarantine action is not executed for...
...ACLs are enabled at the top right corner of the exclusion list that the host is part of the Configure Attack Detail page. McAfee® Network Security Platform 5.1 Managing IPS settings Figure 122: Configure Attack Detail page 7 Select the drop-down list. These ACLs monitor traffic from the...ACLs and traditional ACLs IPS quarantine ACLs are eligible for IPS Quarantine, select Attacks Eligible for a detected attack. Review the following to the IPS Quarantine Network Access Zone (NAZ). Thus if the alert filter sorts the alert, the IPS quarantine action is not executed for...
IPS Configuration Guide
Page 238
... Setting policy for a sub-interface (on page 213). Figure 225: Customize DoS Policy 230 McAfee® Network Security Platform 5.1 The IPS Sensor_Name node Note: DoS policy cannot be customized to the policy. The (Inherited... DoS) highlight indicates that Version Control is currently protected by the DoS settings of your applied IPS policy. 2 Click Edit. 3 Open a policy and make changes. 4 Click Commit Changes. 5 Click Version Control to track or review...
... Setting policy for a sub-interface (on page 213). Figure 225: Customize DoS Policy 230 McAfee® Network Security Platform 5.1 The IPS Sensor_Name node Note: DoS policy cannot be customized to the policy. The (Inherited... DoS) highlight indicates that Version Control is currently protected by the DoS settings of your applied IPS policy. 2 Click Edit. 3 Open a policy and make changes. 4 Click Commit Changes. 5 Click Version Control to track or review...
Upgrade Guide
Page 3
... Manager license file requirement 24 Preparing for the upgrade 24 Backing up Network Security Platform data 25 Reviewing the Upgrade Considerations 25 Central Manager and OS upgrade 26 Approach 2: ...Reviewing the Upgrade Considerations 33 Backing up Network Security Platform data 35 MDR Manager upgrade 36 Manager and OS upgrade 37 Approach 2: Using a new hardware 38 Stand-alone Manager upgrade 39 Running additional scripts 40 5 Performing Signature Set and Sensor Software upgrade 43 Difference between an update and an upgrade 43 McAfee® Network Security Platform...
... Manager license file requirement 24 Preparing for the upgrade 24 Backing up Network Security Platform data 25 Reviewing the Upgrade Considerations 25 Central Manager and OS upgrade 26 Approach 2: ...Reviewing the Upgrade Considerations 33 Backing up Network Security Platform data 35 MDR Manager upgrade 36 Manager and OS upgrade 37 Approach 2: Using a new hardware 38 Stand-alone Manager upgrade 39 Running additional scripts 40 5 Performing Signature Set and Sensor Software upgrade 43 Difference between an update and an upgrade 43 McAfee® Network Security Platform...
Upgrade Guide
Page 4
TFTP server 46 Sensor Software and Signature Set Upgrade using Manager 6.0 46 Sensor software upgrade using a TFTP server 48 Updating Sensor software in a failover pair 50 6 Performing NTBA Appliance software upgrade 53 7 Information on downgrade 55 Index 57 4 McAfee® Network Security Platform 6.1 Upgrade Guide Contents Sensor upgrade requirements 43 Reviewing the upgrade considerations 44 Updating Sensor software image 44 Sensor software upgrade: Manager vs.
TFTP server 46 Sensor Software and Signature Set Upgrade using Manager 6.0 46 Sensor software upgrade using a TFTP server 48 Updating Sensor software in a failover pair 50 6 Performing NTBA Appliance software upgrade 53 7 Information on downgrade 55 Index 57 4 McAfee® Network Security Platform 6.1 Upgrade Guide Contents Sensor upgrade requirements 43 Reviewing the upgrade considerations 44 Updating Sensor software image 44 Sensor software upgrade: Manager vs.
Upgrade Guide
Page 10
... Decryption feature is of the upgrade process, you upgrade all the Sensors are supported only across two successive major versions. See Reviewing the upgrade requirements, Upgrade Guide. To use of the same major version. • Heterogeneous Sensor environment: At least one ... version than the corresponding Managers. • Heterogeneous environments are of the latest features in your deployment. 10 McAfee® Network Security Platform 6.1 Upgrade Guide Support for inspection. 2 Managing a Heterogeneous Environment When would you need a heterogeneous environment?
... Decryption feature is of the upgrade process, you upgrade all the Sensors are supported only across two successive major versions. See Reviewing the upgrade requirements, Upgrade Guide. To use of the same major version. • Heterogeneous Sensor environment: At least one ... version than the corresponding Managers. • Heterogeneous environments are of the latest features in your deployment. 10 McAfee® Network Security Platform 6.1 Upgrade Guide Support for inspection. 2 Managing a Heterogeneous Environment When would you need a heterogeneous environment?
Upgrade Guide
Page 23
... Stand-alone Central Manager upgrade Reviewing the upgrade requirements This chapter discusses the requirements for the Central Manager 6.0 server. Central Manager system requirements Underpowered and/or undersized machines can lead to performance issues and storage problems. We strongly recommend the use of 6.0, to the latest 6.0 version. McAfee® Network Security Platform 6.1 Upgrade Guide 23 This...
... Stand-alone Central Manager upgrade Reviewing the upgrade requirements This chapter discusses the requirements for the Central Manager 6.0 server. Central Manager system requirements Underpowered and/or undersized machines can lead to performance issues and storage problems. We strongly recommend the use of 6.0, to the latest 6.0 version. McAfee® Network Security Platform 6.1 Upgrade Guide 23 This...
Upgrade Guide
Page 25
...up Network Security Platform data Before you upgrade, back up your database. If you have a very large number of alerts and packet logs to upgrade, first consider archiving and deleting any McAfee Custom ...a database backup Back up All Tables and archiving the alerts and packet logs. McAfee strongly recommends backing up your database backup files. If you do not need prior... deployment and the size of your backup in when you estimate the Central Manager downtime. McAfee® Network Security Platform 6.1 Upgrade Guide 25 To perform an All-Tables backup: Task 1 Navigate to \bin...
...up Network Security Platform data Before you upgrade, back up your database. If you have a very large number of alerts and packet logs to upgrade, first consider archiving and deleting any McAfee Custom ...a database backup Back up All Tables and archiving the alerts and packet logs. McAfee strongly recommends backing up your database backup files. If you do not need prior... deployment and the size of your backup in when you estimate the Central Manager downtime. McAfee® Network Security Platform 6.1 Upgrade Guide 25 To perform an All-Tables backup: Task 1 Navigate to \bin...
Upgrade Guide
Page 27
... 6.0 database backup from each Manager. 4 On the new machine, install Central Manager 6.0. The high-level steps involved in Reviewing the upgrade requirements. Make sure that the IP address of the new Central Manager is different, then the Managers cannot communicate with... is working fine. See the Installation Guide for Manager Disaster Recovery (MDR): McAfee® Network Security Platform 6.1 Upgrade Guide 27 If everything is working fine. See Performing a database backup. 3 On the network, replace the existing Central Manager server with Windows Server 2008 R2 Standard Edition ...
... 6.0 database backup from each Manager. 4 On the new machine, install Central Manager 6.0. The high-level steps involved in Reviewing the upgrade requirements. Make sure that the IP address of the new Central Manager is different, then the Managers cannot communicate with... is working fine. See the Installation Guide for Manager Disaster Recovery (MDR): McAfee® Network Security Platform 6.1 Upgrade Guide 27 If everything is working fine. See Performing a database backup. 3 On the network, replace the existing Central Manager server with Windows Server 2008 R2 Standard Edition ...
Upgrade Guide
Page 28
...on page 30 Stand-alone Central Manager upgrade Before you upgrade the Central Manager to 6.0, ensure that: • Your current Network Security Platform infrastructure meets all third-party applications. You set this is up in standby mode. 4 Stop the secondary Central Manager. 5... should switch it from the McAfee Update Server. Make sure you stop all the requirements discussed in Reviewing the upgrade requirements. • You have your 5.1 Central Manager data. To upgrade a stand-alone Central Manager: 28 McAfee® Network Security Platform 6.1 Upgrade Guide The primary ...
...on page 30 Stand-alone Central Manager upgrade Before you upgrade the Central Manager to 6.0, ensure that: • Your current Network Security Platform infrastructure meets all third-party applications. You set this is up in standby mode. 4 Stop the secondary Central Manager. 5... should switch it from the McAfee Update Server. Make sure you stop all the requirements discussed in Reviewing the upgrade requirements. • You have your 5.1 Central Manager data. To upgrade a stand-alone Central Manager: 28 McAfee® Network Security Platform 6.1 Upgrade Guide The primary ...
Upgrade Guide
Page 29
... the McAfee® Network Security Central Manager service. Then right-click on page 30 McAfee® Network Security Platform 6.1 Upgrade Guide 29 You can verify the version on the Log on page 27 Upgrading the Signature Set for Central Manager. Tasks • Upgrading the Signature Set for the Central Manager on page 30 See also Reviewing the upgrade...
... the McAfee® Network Security Central Manager service. Then right-click on page 30 McAfee® Network Security Platform 6.1 Upgrade Guide 29 You can verify the version on the Log on page 27 Upgrading the Signature Set for Central Manager. Tasks • Upgrading the Signature Set for the Central Manager on page 30 See also Reviewing the upgrade...
Upgrade Guide
Page 31
...successful ManagerManager upgrade. To upgrade to an earlier version of the Manager must be able to upgrade to 6.0, the current version of 6.0, also review the corresponding Release Notes. Contents Reviewing the upgrade requirements Preparing for the upgrade MDR Manager upgrade Manager and OS upgrade Stand-alone Manager upgrade... are the system requirements for alert and packet log storage. Manager system requirements Underpowered and/or undersized machines can upgrade the Sensors. McAfee® Network Security Platform 6.1 Upgrade Guide 31 You need to the latest 6.0 version.
...successful ManagerManager upgrade. To upgrade to an earlier version of the Manager must be able to upgrade to 6.0, the current version of 6.0, also review the corresponding Release Notes. Contents Reviewing the upgrade requirements Preparing for the upgrade MDR Manager upgrade Manager and OS upgrade Stand-alone Manager upgrade... are the system requirements for alert and packet log storage. Manager system requirements Underpowered and/or undersized machines can upgrade the Sensors. McAfee® Network Security Platform 6.1 Upgrade Guide 31 You need to the latest 6.0 version.
Upgrade Guide
Page 33
...If you are currently using the All Tables option both before you need to upgrade the Sensor software to 6.0 as well during upgrade. McAfee® Network Security Platform 6.1 Upgrade Guide 33 After you upgrade the Manager, you commence the upgrade process: Manager upgrade downtime window The time required to upgrade the... is critical that you plan to upgrade the Manager depends on a higher version Manager. Upgrading the Manager Preparing for the upgrade 4 Reviewing the Upgrade Considerations Review this in the background. If you upgraded to 6.0 upgrade window.
...If you are currently using the All Tables option both before you need to upgrade the Sensor software to 6.0 as well during upgrade. McAfee® Network Security Platform 6.1 Upgrade Guide 33 After you upgrade the Manager, you commence the upgrade process: Manager upgrade downtime window The time required to upgrade the... is critical that you plan to upgrade the Manager depends on a higher version Manager. Upgrading the Manager Preparing for the upgrade 4 Reviewing the Upgrade Considerations Review this in the background. If you upgraded to 6.0 upgrade window.
Upgrade Guide
Page 34
...: Previous versions of these data, then disable the integration with McAfee Global Threat Intelligence to send your alert data summary to or install Manager 6.0.7.x or above, it . If you review the latest version of the NAC Configuration Guide to understand the effects... in 6.0. Depending on Global Threat Intelligence and TrustedSource Intelligence When you upgrade. Follow the steps below: 34 McAfee® Network Security Platform 6.1 Upgrade Guide 4 Upgrading the Manager Preparing for the upgrade Changes in the NAC feature In release 6.0, there are extensively ...
...: Previous versions of these data, then disable the integration with McAfee Global Threat Intelligence to send your alert data summary to or install Manager 6.0.7.x or above, it . If you review the latest version of the NAC Configuration Guide to understand the effects... in 6.0. Depending on Global Threat Intelligence and TrustedSource Intelligence When you upgrade. Follow the steps below: 34 McAfee® Network Security Platform 6.1 Upgrade Guide 4 Upgrading the Manager Preparing for the upgrade Changes in the NAC feature In release 6.0, there are extensively ...
Upgrade Guide
Page 38
... Manager on the new machine. See also Reviewing the upgrade requirements on page 23 Stand-alone Manager upgrade on page 39 Performing a database backup on page 25 Manager license file requirement on page 32 38 McAfee® Network Security Platform 6.1 Upgrade Guide See Performing a database backup. 3 On the network, replace the existing Manager server with the...
... Manager on the new machine. See also Reviewing the upgrade requirements on page 23 Stand-alone Manager upgrade on page 39 Performing a database backup on page 25 Manager license file requirement on page 32 38 McAfee® Network Security Platform 6.1 Upgrade Guide See Performing a database backup. 3 On the network, replace the existing Manager server with the...
Upgrade Guide
Page 39
... application is actively communicating with Network Security Platform, your server and stop any 5.1 saved report files and alert archives from the McAfee Update Server. Alternatively, go to standby mode before you upgrade the Manager. • Your current Network Security Platform infrastructure meets all the requirements discussed in Reviewing the upgrade requirements. • You have reviewed and understood the implications...
... application is actively communicating with Network Security Platform, your server and stop any 5.1 saved report files and alert archives from the McAfee Update Server. Alternatively, go to standby mode before you upgrade the Manager. • Your current Network Security Platform infrastructure meets all the requirements discussed in Reviewing the upgrade requirements. • You have reviewed and understood the implications...
Upgrade Guide
Page 40
Tasks • Running additional scripts on page 40 See also Reviewing the upgrade requirements on page 31 Reviewing the Upgrade Considerations on page 33 Backing up . 4 Upgrading the Manager Stand-alone Manager upgrade 11 Log on to do so. Run ...If you run the sql scripts soon after the Manager upgrade is displayed, stop proceeding further and contact McAfee Technical Support with the details of the message. 4 Shut down the Manager. 40 McAfee® Network Security Platform 6.1 Upgrade Guide The system prompts you run these scripts when not prompted, you will receive SQL ...
Tasks • Running additional scripts on page 40 See also Reviewing the upgrade requirements on page 31 Reviewing the Upgrade Considerations on page 33 Backing up . 4 Upgrading the Manager Stand-alone Manager upgrade 11 Log on to do so. Run ...If you run the sql scripts soon after the Manager upgrade is displayed, stop proceeding further and contact McAfee Technical Support with the details of the message. 4 Shut down the Manager. 40 McAfee® Network Security Platform 6.1 Upgrade Guide The system prompts you run these scripts when not prompted, you will receive SQL ...