Quick Start Guide
Page 5
..., click Device List | Devices, and then click New. 5 c An add-on license is admin123. For more information, see McAfee Network Security Platform Device Administration Guide. You do not require a license file to the Manager. f Double-click Manager__setup.exe and follow the on screen... prompts. 5 Start the Manager Click Start | Programs | McAfee | Network Security Manager | Network Security Manager. You do not require a license file for using Manager/Central Manager version 5.1.17.2 or above, and 6.0.7.x or above...
Deployment Guide
Page 5
...-address and then press type based on -line help are denoted using this guide. McAfee® Network Security Platform 6.0 Preface Convention Example Terms that identify fields, buttons, tabs, options, selections, and commands on the User Interface (UI) are presented as a series of numbered steps. Procedures are shown in italics. On the Configuration tab, click Backup...
IPS Configuration Guide
Page 6
... Backup. Menu or action group selections are denoted using this notation. Text such as a series of data is denoted using Courier New font. Parameters that you must supply are denoted using this notation. Note: vi McAfee® Network Security Platform 5.1 Preface not necessarily familiar with electricity, or other serious consequences is shown in italics. Names...
IPS Configuration Guide
Page 110
... Fragmented traffic that matches the L3 ACLs applied is reassembled prior to use L3 ACLs if your NFS server is not supported on M-series or N-450 Sensors. L3 ACLs can mean evasion using this feature only with : • Manager: 4.1.3.7 or later • ...latency of the fragmented traffic for a host (or network) based on which Network Security Platform skips reassembly handling of fragmented traffic. This helps in the diag folder within your Network Security Platform installation folder. (For example C:\Program Files\McAfee\ Network Security Manager \App\ diag folder\README.txt) Using ...
IPS Configuration Guide
Page 113
... the SSL decryption at a given time by a Sensor. Sensor model SSL Flow count maximum I-4010 100,000 I-4000 100,000 I-3000 50,000 I-1400, M-series Sensors. McAfee® Network Security Platform 5.1 Managing IPS settings Enabling SSL decryption in SSL Enabled, to enable SSL decryption on the selected Sensor. 4 Click Yes to enable/disable SSL functionality...
IPS Configuration Guide
Page 174
McAfee® Network Security Platform 5.1 The IPS Sensor_Name node traffic. Together these two modes create one of Service (DoS) modes (on page 23). ...: DoS Copy feature is built. For Threshold Mode, the Sensor keeps track of initial learning). You can be uploaded to the new network traffic conditions. 166 The profile that had previously been created was more information, see Customizing Denial of the following : 1 Click IPS ... detection mode: activates Learning Mode detection for future re-use. To manage the DoS learning mode policies on M-series and N-450 Sensors.
IPS Configuration Guide
Page 180
... traffic only • Both Inbound and Outbound: use McAfee Network Security Platform 5.1 to be Value enabled for attacks (with an Initial Sequence Number (ISN) uniquely generated using SYN cookie settings must be configured for a connection. M-series Sensors parse IPv6 packets. Note 1: Sensors using the ...have to be Value enabled for inbound and outbound tra System events are used to be in in-line mode. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node TCP Parameter Description SYN Cookie SYN cookies are displayed in the Threat Analyzer whenever you...
IPS Configuration Guide
Page 183
...5.1.5.x, parsing of tunneled traffic is supported only for IPv4 traffic. In Network Security Platform, ACL is disabled for I-Series and M-series Network Security Sensors support 4 types of tunneled traffic. For tunneled traffic, Network Security Sensors use the inner IP header to 4 or 41 for tunneled ...outer header. To know the current tunneling configuration status of a Sensor, use the set to detect DoS attacks. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node encapsulating a packet within another packet of a different protocol to enable the packet to ...
IPS Configuration Guide
Page 184
...the first few of the throttled alerts as Exploit throttling. A throttle entry is no Exploit throttle. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node • In Network Security Platform 5.1.5.x, GRE tunneled traffic is unavailable for anomaly-based buffer overflow and shellcode attacks. Note: Alert suppression... Manager, as well as individual alerts identifies the minimum number of an attack. the sub-interface is reached, all M-series Sensors can be detected for the attacks-this persistent attack. Thus, if you to set a suppression limit for multiple...
IPS Configuration Guide
Page 204
...packet, is not a multiple of traffic management queue- McAfee® Network Security Platform 5.1 The IPS Sensor_Name node 6 Enter a Name for the new traffic management queue. 7 Select the Type of 64, Manager adjusts it and click Remove. Type Value Range Rate Limit Bandwidth I-series Sensors (select the value): FE (10Mbps) Ports: 256... Mbps) Ports: 1Mbps to 10 Mbps GE (100 Mbps) Ports: 1Mbps to 100 Mbps GE (1 Gbps) Ports: 1 Mbps to 512 Mbps M-series Sensors (select the value): GE Ports: 64 kbps to 1 Gbps 10G Ports: 64 kbps to 10 Gbps Note that is tagged with the corresponding ...
IPS Configuration Guide
Page 213
For example, an I-1400, M-series Sensors. Note: The number of supported SSL flows...monitored by an I4000 to enable packet logging for SSL traffic decryption. Note 2: In order to -1 ratio. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node For a description of a Sensor. The number of supported SSL flows on a Sensor...the following: 1 Click Sensor_Name > SSL Decryption > Enable or Failover pair Name > SSL Decryption > Enable (in Network Security Platform, see the Getting Started Guide. Note: A packet log for I4000, the range is required. This value represents ...
IPS Configuration Guide
Page 221
...in Troubleshooting Guide. Note: For more information on the maximum Virtual interfaces per Sensor, see the sections I-series Sensor capacity by model number, and M-series Sensor capacity by model number in the inspection process makes for multiple unique environments all of your root ...permit you need to monitor aggregated traffic-like on Gigabit uplinks-a multi-port box and more cost effective and efficient security solution. Thus, McAfee® Network Security Platform's Virtual Intrusion Prevention System (VIPS) feature. However, if you have multiple segments to monitor or you to ...
IPS Configuration Guide
Page 223
...for example between two 215 Dedicated by VLAN tag or CIDR addressing is segmented into VLANs and if you are using M-Series sensors in inline mode, you can change the interface type to VLAN. Note: For more information, to VLAN or CIDR... recognition. • Interface Type: traffic type. Managing an interface Network Security Sensors support four traffic types: Dedicated, VLAN, Bridge VLAN and CIDR. By default, all transmissions without regard to network segmentation. McAfee® Network Security Platform 5.1 The IPS Sensor_Name node Viewing interface details To view the details...
Network Protection
Page 6
.... set Sensor ip Information that you must read to this notation. Refer to negative consequences of certain actions, such as a series of data is shown in angle brackets. Example 1. Text such as syntax, key words, and values that alerts you must...that you to Quick Tour for more information on the keyboard Press ENTER. Type: Sensor-IP-address and then press ENTER. McAfee® Network Security Platform 6.0 Preface Convention Procedures are shown enclosed in italics. Variable information that you must read before beginning a procedure or that you...
Upgrade Guide
Page 10
...upgrade process, you first upgrade the Manager as well as an interim arrangement until you can configure and manage the 5.1 and 6.0 M-series Sensors alike but not 4.1 Managers. • In Network Security Platform 6.0, Central Managers and Managers support heterogeneous environments only from 6.0.x.x. These are supported only across two successive major versions. Support for managing ... is of the same or higher version than the Manager. See Reviewing the upgrade requirements, Upgrade Guide. For example, in your deployment. 10 McAfee® Network Security Platform 6.1 Upgrade Guide
Upgrade Guide
Page 11
See the 4.1 to 5.1 Upgrade Guide for the scenarios listed above. McAfee® Network Security Platform 6.1 Upgrade Guide 11 Scenarios involving the Central Manager The following are no 4.1 Managers or Sensors in your deployment. Also, ..., ensure there are the list of sample scenarios. So, before you can manage the N-450 and Network Threat Behavior Analysis (NTBA) appliances as well. Though the sample scenarios predominantly feature only the I-series and M-series Sensors, a 6.0 Manager can proceed to Scenarios involving the Manager. • Upgrade from a homogeneous ...
Upgrade Guide
Page 15
...the Manager on page 3 Performing Signature Set and Sensor Software upgrade on page 3 Scenarios involving the Manager Upgrade requirements for information on page 16 McAfee® Network Security Platform 6.1 Upgrade Guide 15 See also Scenario 5 on page 16 Scenario 8 on page 18 Scenario 6 on how to upgrade the Manager to a... from a heterogeneous Sensor environment in this section • The Manager must be of version 5.1.11.22 or above, then I-series Sensors do not support NAC regardless of version 6.0.7.x or above. So, before you begin your upgrade to the latest 6.0 version.
Upgrade Guide
Page 19
...with N-450 6.0.3.x. Not applicable to 6.0.7.x or above. I-1400, M-1250, and M-1450. See the NTBA Appliance Administrator's Guide. See the IPS Configuration Guide. See the IPS Configuration Guide. See the NAC Configuration Guide. McAfee® Network Security Platform 6.1 Upgrade Guide 19 See the note below this table. See the NAC...not support NAC if the Manager is upgraded to 6.0.7.x or above with Artemis SSL Decryption Latest 5.1 Sensor software I-series M-series No No Yes No Configuring a No No Sensor as an NTBA Exporter Port-based No No Attack Filter Custom ...
Upgrade Guide
Page 20
... Note that 6.0 Sensors support Smart Blocking as Attack Filter with no functional difference. This feature is available for the I and M-series support port-based Attack Filters. However, only the latest 6.0 Sensor software for both 5.1 and 6.0 Sensors. Suppose you specify only ... 2 forward settings: • layer2 forward tcp • layer2 forward udp • layer2 forward vlan • layer2 forward clear 20 McAfee® Network Security Platform 6.1 Upgrade Guide That is, the attack is applicable only for M-2750, M-3050, M-4050, M-6050, and M-8000 Sensors. But,...
Upgrade Guide
Page 33
... Preparing for the upgrade 4 Reviewing the Upgrade Considerations Review this in 6.0. See also Backing up Network Security Platform data. However, it re-establishes connectivity with NAC license For I-series Sensors configured for NAC, and you upgraded to 6.0, contact McAfee Support. If you encounter problems during the 5.1 to an OS upgrade are currently using the All...